NewAvenues Admin
asked on
Cisco Site to Site VPN
Hello,
I want to setup a site to site VPN connection between a Cisco ASA 5512 and Cisco SRP512W.
The ASA 5512 is our main device and it has a static IP address
The SRP512W will be located in remote office inside a third party's network and doesn't have static IP.
Employees within the remote VPN will need access to a printer that is located in the third party's network. (Outside the VPN I am trying to setup)
I would really appreciate if so can give me some instructions on how to accomplish this setup, ideally from the GUI.
What should I ask the thrid party admin to do, which ports to open forward? I am really not familiar with Cisco devices and VPNs, so need beginner level instructions.
Thanks!
I want to setup a site to site VPN connection between a Cisco ASA 5512 and Cisco SRP512W.
The ASA 5512 is our main device and it has a static IP address
The SRP512W will be located in remote office inside a third party's network and doesn't have static IP.
Employees within the remote VPN will need access to a printer that is located in the third party's network. (Outside the VPN I am trying to setup)
I would really appreciate if so can give me some instructions on how to accomplish this setup, ideally from the GUI.
What should I ask the thrid party admin to do, which ports to open forward? I am really not familiar with Cisco devices and VPNs, so need beginner level instructions.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The ASA 5512 is our main device and it has a static IP address
The SRP512W will be located in remote office inside a third party's network and doesn't have static IP.
I've since learned that the third party network's gateway is a Cisco ASA 5515.... but WAN port on my device) of my SRP512W
Who has what device? You have 5512 or SRP512W? Remote is SRP512W or ASA 5515?
If you don't have overlapping networks, it is fine to setup NAT exempt. The ports should be restricted regardless to only the ones being used.
Default port for printer is tcp/udp/9100.
ASKER
Our main office: ASA 5512
Third party network: ASA 5515
Our Remote office (Inside the third party network): SRP512W
So basically I want the Remote Office (SRP512W) to connect to our main office (ASA 5512), going through the third party's ASA 5515. Does that make sense?
We actually don't have the remote office yet, it will be opening 1st of September. The above scenario is how I think I will need to setup their network.
So if what I am describing makes sense then I need to know what I should ask the third party's admin to do on their ASA 5515 for this to work. Should I ask them to create a NAT or something else?
The printer is in the third party's network, once and if the above scenario is setup, how do I facilitate access for employees in our remote site to the printer.
Third party network: ASA 5515
Our Remote office (Inside the third party network): SRP512W
So basically I want the Remote Office (SRP512W) to connect to our main office (ASA 5512), going through the third party's ASA 5515. Does that make sense?
We actually don't have the remote office yet, it will be opening 1st of September. The above scenario is how I think I will need to setup their network.
So if what I am describing makes sense then I need to know what I should ask the third party's admin to do on their ASA 5515 for this to work. Should I ask them to create a NAT or something else?
The printer is in the third party's network, once and if the above scenario is setup, how do I facilitate access for employees in our remote site to the printer.
Our Remote office (Inside the third party network): SRP512W
So basically I want the Remote Office (SRP512W) to connect to our main office (ASA 5512), going through the third party's ASA 5515. Does that make sense?
Do you mean your remote office will be sitting behind the 5515? And SRP512W will separate your remote office from third party network?
ASKER
I've since learned that the third party network's gateway is a Cisco ASA 5515. Should I just ask them to create a NAT that opens all ports on the private IP address (Private within their network, but WAN port on my device) of my SRP512W. I think it will be best if I can tell them specifically which ports to open.
Any advice on how to access the printer that is located inside the third party's network. Do I need to create a NAT on my end for this? I would really appreciate it if you can help me with this.
Thanks!