Asa 5510 VPN using ddns IP with inside internet

muhammad.kamran — Fri, 07 Feb 2020 22:48:20 GMT

What will be asa configuration for VPN
I have 1 pppoe link from ISP, so I want to use ddns IP as Static IP, it's required by organization,
how should I configure asa 5510 , so remote user can access my site pc web cam, over vpn only one user each side by ddns fqdn or IP in browser and I also want to use same internet for my inside LAN users.

Re: Asa 5510 VPN using ddns IP with inside internet

Muhammad Awais Khan — Fri, 07 Feb 2020 23:24:29 GMT

Hi,

My understanding for your question is that on your outside interface, you will be getting Dynamic IP which will keep changing with time. You can register for DDNS and configure asa to generate update whenever it gets new IP.

To access the camera, one of the good solution will be to configure a SSL Webevpn on your Router outside Interface and from webevpn page, there will be bookmark for your one camera or multple cameras.

Second option is to access the camera directly from outside using DDNS name. Once your Router Internet IP on outside IP associated with DDNS then we can configure portforwarding to allow people from outside to reach your camera on port 443 or 20000 e.g https://asa.exampledomain.com:20000. From security perspective, if your camera supports https and authentication then it will be fine.

Configuration:

For DDNS:

Once you setup account from your preffered partne for DDNS. you need add following to your ASA:

hostname(config)# ddns update method ddns-2

hostname(DDNS-update-method)# ddns both

Step 2 To associate the method ddns-2 with the eth1 interface, enter the following commands:

hostname(DDNS-update-method)# interface eth1

hostname(config-if)# ddns update ddns-2

hostname(config-if)# ddns update hostname asa.example.com

Option 1: SSL Configuration example from CLI or from ASDM:

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

with above, once you open your SSLVPN page form outside using ddns or IP, you can browse any accessible Webpages of your LAN like your camera

Option 2:

NAT/Portforwarding:

As mentioned above, you can access your camera without SSL also once your ddns setup is done or if you have static IP, you can access with static IP also:

ASA1(config)# object network CAMERA
ASA1(config-network-object)# host 192.168.3.1
ASA1(config-network-object)# nat (INSIDE,OUTSIDE) static interface service tcp 80 20000
or

nat (INSIDE,OUTSIDE) static interface service tcp 80 80

if you use 20000, then you need to access the camera on 2000 e.g https://x.x.x.x:20000

Let me know for any further information.

-- Rate this post helpful/accepted as solution if it helped you out. It will helpful for others also who are seeking solution for similar query

topic Asa 5510 VPN using ddns IP with inside internet in Network Security

Asa 5510 VPN using ddns IP with inside internet

Re: Asa 5510 VPN using ddns IP with inside internet