cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1689
Views
5
Helpful
6
Replies

ATM connection via one external address

Hi all!!

I need advice :-)

There is a task - to connect 2 ATMs in the corporate network. Isolate from the local network. The question is - if I will  use one external address for two ATMs - how can I connect from OUT to each for maintenance and management? Or maybe there is a more beautiful solution for this problem? As a firewall will be used by Cisco ASA 5510.

 

Thanks

1 Accepted Solution

Accepted Solutions

Assuming licensing is sorted out





username password (usernames and passwords for vpn users)

ip local pool vpnpool eg 10.0.0.1 -10.0.0.10



!



crypto ikev1 policy 10

authentication pre-share

encryption 3des

hash sha

10 group 2

!

crypto ikev1 enable

!

crypto ipsec transform set RAVPN esp-3des esp-md5-hmac

!

tunnel-group VPN_TunnelGroup type ipsec-ra

tunnel-group VPN_TunnelGroup general-attributes

address-pool vpnpool

tunnel-group VPN_TunnelGroup ipsec-attributes

!

crypto dynamic-map VPN_DynamicMAP 1 set ikev1 transform-set RAVPN

!

crypto map MAP 1 ipsec-isakmp dynamic VPN_DynamicMAP

!

crypto map MAP1 interface





I have combined info from here<> along with some old configuration of mine. I hope this works for you but you should really consider changing you fw

View solution in original post

6 Replies 6

socratesp1980
Level 1
Level 1

Hello polinaovsyannikova,

 

Ideally you need to configure a VPN for this. As your firewall is quite old please provide the firmware version so I can give you a specific configuration commands.

 

You other option is to use NAT

You can do this with NAT (you might see this as port forward as well). The idea is when you try to access the external ip in port eg 10001 this will be mapped to the internal ip of the 1st ATM and likewise external ip port 10002 will be forwarded to the second ATM. 

for example if your external IP is 1.1.1.1 then with port forward

1111:10001 --> ATM1

1111:10002 --> ATM2 

 

Thanks for your reply!
Yes, our firewall is very old :-)
Software version is Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 7.3(2)

 

Are you talking about VPN Is it about the site that site IP SEC VPN?

I am talking about Remote access vpn is this is stll an option for you. You mentioned before you require access for management purposes


Yes, as an option, I can use a solution as VPN. Please, tell me where I can see examples or read about setting up such access. Thanks.

Assuming licensing is sorted out





username password (usernames and passwords for vpn users)

ip local pool vpnpool eg 10.0.0.1 -10.0.0.10



!



crypto ikev1 policy 10

authentication pre-share

encryption 3des

hash sha

10 group 2

!

crypto ikev1 enable

!

crypto ipsec transform set RAVPN esp-3des esp-md5-hmac

!

tunnel-group VPN_TunnelGroup type ipsec-ra

tunnel-group VPN_TunnelGroup general-attributes

address-pool vpnpool

tunnel-group VPN_TunnelGroup ipsec-attributes

!

crypto dynamic-map VPN_DynamicMAP 1 set ikev1 transform-set RAVPN

!

crypto map MAP 1 ipsec-isakmp dynamic VPN_DynamicMAP

!

crypto map MAP1 interface





I have combined info from here<> along with some old configuration of mine. I hope this works for you but you should really consider changing you fw

Thanks a lot for your help!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: