topic Cisco ASA Point-to-Point Stub Configuration in Network Security

Cisco ASA Point-to-Point Stub Configuration

Scott Pickles — Mon, 11 Mar 2019 23:10:06 GMT

All -

I have an ASA (US-HEN) on a public IP that is a fiber based connection. Then there is a private point-to-point from the same fiber service company. Both ASA are 5510 in routed mode. The second location (US-LEX) used to have a site-to-site VPN over a DSL connection which has gone away. So now there is a private point-to-point over a /32 subnet and I'm pointing the ASA at US-LEX back to US-HEN as its default gateway. Should I put the second ASA (I'm calling this a 'stub' connection) into transparent mode as opposed to routed?

Regards,
Scott

Cisco ASA Point-to-Point Stub Configuration

Scott Pickles — Tue, 22 May 2012 20:08:38 GMT

A quick diagram:

Internet ---- US-HEN outside ---- US-HEN ptp (192.168.0.1) ---- US-LEX ptp (192.168.0.2) ---- US-LEX inside

sec-level 0 sec-level 100 sec-level 100 sec-level 100

I have turned on permit inter and intra interface and the following routing exists:

US-HEN

1. ip route 0.0.0.0 0.0.0.0 [public IP gateway]

2. ip route 192.168.x.x [US-LEX] 192.168.0.2

US-LEX

1. ip route 0.0.0.0 0.0.0.0 192.168.0.1

Should I specify NAT exemptions in both directions for traffic? I would think that I wouldn't need that unless traffic is about to go over a site-to-site VPN tunnel.

Cisco ASA Point-to-Point Stub Configuration

Scott Pickles — Tue, 29 May 2012 13:53:30 GMT

I was also thinking about configuring it with 'ip permit any any' statements to allow all of the traffic in/out and disabling NAT. Really I just need it to function like a router at this point and not so much a firewall.