Rick Goodman

asked on

ASA as a Default Gateway? Will it work?

I have a new warehouse coming online (Site 2) that I need to configure a site-to-site tunnel with. I'm stuck with having to try and make this configuration work with what they have but am a little confused. Site 1 has a bit more detail I didn't add to the drawing above as it doesn't pertain to Site 2.

Site 2 does not currently have a firewall. They purchased a Cisco ASA 5506 X, which is shown in the drawing, so we can create the tunnel. However, I found out that they only have 2 unmanaged switches. So from my understanding, I need to set their clients' default gateway to point to the private interface on the ASA. They currently point to the private interface on the Internet router, which will now have a public IP address along with the public interfaces of both the router and the ASA. Will this work? Will traffic from their LAN destined for the ASA know where to go? I can't point a route back to the LAN; there's nothing to point to.
ASKER CERTIFIED SOLUTION
Garry Glendown
SOLUTION
Are you going to put your router in bridge mode to supply your WAN address to the ASA? Because you're going to set up a site-to-site VPN. Else you need to do some NAT on the router to forward port 500 to your ASA to set up your VPN.

And don't forget to add a route in the router that tells the way back for your local subnet.

To answer your "will the traffic go the right way" question: yes. The ASA looks at the IP addressing of packets from the Site 2 clients. If the addresses match the VPN definition, the ASA encrypts the traffic and sends it through the tunnel. If the addresses do not match, the ASA assumes it's traffic for the Internet, so it performs NAT functions and sends it on to the router.
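
The traffic decision described in the last reply, sketched as an ASA configuration fragment. This is an added example, not configuration posted in the thread: every address (RFC 1918 and documentation ranges), the object, ACL and crypto map names, and the `inside`/`outside` interface names are assumptions, and the IKE policy, transform set and tunnel-group are left out because they must match whatever Site 1 uses.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Site 2 LAN 192.168.20.0/24, Site 1 LAN 192.168.10.0/24
!   Site 1 VPN peer 198.51.100.1, Site 2 Internet router 203.0.113.1
object network SITE2-LAN
 subnet 192.168.20.0 255.255.255.0
object network SITE1-LAN
 subnet 192.168.10.0 255.255.255.0
!
! The "VPN definition": only Site 2 LAN -> Site 1 LAN is selected for the tunnel.
access-list S2S-SITE1 extended permit ip object SITE2-LAN object SITE1-LAN
!
! Identity NAT for tunnel traffic, so it keeps its real addresses and
! still matches the ACL above when it reaches the crypto map.
nat (inside,outside) source static SITE2-LAN SITE2-LAN destination static SITE1-LAN SITE1-LAN no-proxy-arp route-lookup
!
! Everything else from the LAN is translated to the outside interface
! address and follows the default route to the Internet router.
nat (inside,outside) after-auto source dynamic SITE2-LAN interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Bind the ACL and the peer to the outside interface.
crypto map OUTSIDE-MAP 10 match address S2S-SITE1
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP interface outside
!
! From privileged EXEC, check both paths with a simulated LAN client.
! To Site 1: the output should show a VPN encrypt phase.
packet-tracer input inside icmp 192.168.20.50 8 0 192.168.10.50
! To an Internet address: the output should show the dynamic NAT rule
! and no VPN phase.
packet-tracer input inside tcp 192.168.20.50 12345 192.0.2.80 443
```

Because the clients sit on the same subnet as the ASA inside interface, the ASA reaches them as a directly connected network and needs no route back to the LAN.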