• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 192
  • Last Modified:

Cisco ASA 5510

I have a Cisco ASA 5510 and we have a vendor that has given me a single ip address on his end. He needs to reach 6 different static ip addresses inside my network through the single vendor supplied ip address. What would the best way to handle this through the firewall? VPN or some other way and how do you set it up?
0
CONB_IT
Asked:
CONB_IT
  • 3
  • 3
1 Solution
 
Ken BooneNetwork ConsultantCommented:
I would prefer to give them VPN access.  That way the user is authenticated, the traffic is encrypted and you can lock him down to only have access to those 6 IP addresses inside your network.  You can revoke his login anytime you want.
0
 
CONB_ITAuthor Commented:
How would I do that?
0
 
Ken BooneNetwork ConsultantCommented:
So here is a link to a configuration walk through:

http://www.petenetlive.com/KB/Article/0000943.htm

The difference for you is that the split tunnel list will just have those 6 host ip addresses in there.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
CONB_ITAuthor Commented:
We don't use Cisco Anyconnect we use the Cisco VPN Client. See Below

Outside vendor IP address 24.x.x.x

Needs to have access to these inside our network ip addresses through the ASA

10.4.X.X
10.6.X.X
10.7.X.X
10.8.X.X
10.9.X.X
0
 
Ken BooneNetwork ConsultantCommented:
So if you are using the old vpn client, its still the same idea.  Set up a new group for this vendor, set up a new IP pool to hand out to this vendor when they connect with vpn.  Then set up a no nat rule just between these 6 ip ranges and the ip pool you assigned to the vendor.  Then set up these 6 ip ranges in a spin tunnel list for this vendor.
0
 
CONB_ITAuthor Commented:
Thank you! Great help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now