ASA 5510 and 2800 VPN router connectivity

I have been tasked to connect a 2800 router to our ASA 5510 firewall. The router will be used as a VPN router. It will terminate two different VPN connections to two different networks. I can set up the 2800 VPN config, but what would I need to do to set up the firewall? I am using an extra Ethernet port (it has 4) to connect the router directly. The FW has our outside Internet connection, the DMZ, and our inside LAN connection. I do not have a lot of experience with firewalls and I do not want to create a security breach while trying to set this up! Please help. Thank you.

5 Replies

Julio Carvajal
VIP Alumni

Hello Michael,

We would be more than glad to help, but we will need more information than that.

I mean, where are you going to connect the 2800 router: on the outside, DMZ or inside interface of the ASA?

Is VPN traffic the only traffic that must go from that 2800 to the ASA?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank you for the help!

Let me try to explain how I thought the traffic would flow and maybe you can tell me if it can be done or not.

I have to build a GRE/IPsec tunnel between our 2800 router and Amazon's AWS service (a Virtual Private Cloud). I wanted the traffic to flow from Amazon over the tunnel back to our firewall and then out the interface that is connected to the 2800 router. Then the router will route the traffic back out the same interface into the FW. The FW will then push the traffic to the inside interface, which is directly connected to our core switch (our inside LAN).

The only traffic going between the 2800 router and the FW will be the VPN traffic.

Hello Michael,

Yeah, this can be done.

No problem at all.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

This FW is killing me...

OK, so I got the router connected, the tunnels configured on the router and the tunnels built on our Amazon VPC. However, I cannot ping Amazon's public IP addresses for our tunnels from the router. I CAN ping them from the outside interface on the FW. I am missing an access list or a route in the FW or something! Oh, and I can ping the Amazon IP addresses from my PC on the LAN as well, but I cannot ping the router's IP address from my PC. I hope this makes sense. I know it's the FW, but with my limited experience with them I am having trouble getting it all set up in there.

LOL...

By any chance, do you have a valid Cisco contract that you could use if further assistance (remote session, etc.) needs to be done, as there are several points of failure in this case?

Try the following:

fixup protocol icmp

and then let me know

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
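An ASA-side configuration sketch for the design Michael describes (2800 on a spare ASA port, AWS traffic decrypted on the router and handed back through the same port to the inside LAN), covering the three things the thread circles around: a route for the VPC prefix, an access list for the router's interface, and ICMP inspection. This is an added example, not configuration from the thread, from Cisco, or from AWS. Every address, interface name, object name and prefix is a placeholder (documentation ranges and RFC 1918 space), the syntax assumes ASA 8.3 or later (the NAT object reads differently on earlier releases), and the `inspect icmp` lines are the ASA equivalent of the PIX-era `fixup protocol icmp` suggested above.

```cisco
! Added example, not from the thread. Placeholder addressing (all assumed):
!   ASA outside            203.0.113.1        public address of the firewall
!   AWS tunnel endpoints   198.51.100.10/.11  from the VPC's downloaded VPN configuration
!   ASA <-> 2800 link      10.99.0.0/30       ASA .1, router .2, private transit subnet
!   Inside LAN             10.0.0.0/24
!   AWS VPC CIDR           172.31.0.0/16      one of the two networks; repeat for the other
!
! 1. Dedicated interface for the 2800. A security level between outside (0) and
!    inside (100) plus an explicit inbound ACL means a compromised router only
!    reaches what is listed below, not the whole inside LAN.
interface Ethernet0/3
 nameif vpnrtr
 security-level 50
 ip address 10.99.0.1 255.255.255.252
 no shutdown
!
! 2. Routing: the VPC prefix lives behind the router. The router itself only
!    needs a default route to 10.99.0.1 (configured on the 2800, not shown);
!    the inside LAN and the AWS endpoints are both reached through the ASA.
route vpnrtr 172.31.0.0 255.255.0.0 10.99.0.2
!
! 3. NAT: the router's transit address is private, so its IKE/ESP traffic to
!    AWS must be PATed behind the outside address. If the 2800 holds a routable
!    address of its own, drop this object and route that address instead.
!    Decrypted VPC traffic (source 172.31.x.x) does not match this object and
!    therefore crosses to the inside LAN untranslated.
object network VPNRTR_TRANSIT
 subnet 10.99.0.0 255.255.255.252
 nat (vpnrtr,outside) dynamic interface
!
! 4. What the router may send into the ASA. Applying an ACL replaces the
!    implicit higher-to-lower permit, so list only what the design needs:
!    IKE, NAT-T and ESP to the AWS endpoints, ping for troubleshooting, and
!    the decrypted VPC traffic bound for the inside LAN.
object-group network AWS_VPN_ENDPOINTS
 network-object host 198.51.100.10
 network-object host 198.51.100.11
!
access-list VPNRTR_IN extended permit udp host 10.99.0.2 object-group AWS_VPN_ENDPOINTS eq isakmp
access-list VPNRTR_IN extended permit udp host 10.99.0.2 object-group AWS_VPN_ENDPOINTS eq 4500
access-list VPNRTR_IN extended permit esp host 10.99.0.2 object-group AWS_VPN_ENDPOINTS
access-list VPNRTR_IN extended permit icmp host 10.99.0.2 object-group AWS_VPN_ENDPOINTS echo
access-list VPNRTR_IN extended permit ip 172.31.0.0 255.255.0.0 10.0.0.0 255.255.255.0
access-group VPNRTR_IN in interface vpnrtr
!
! 5. ICMP is not tracked statefully unless it is inspected; without this the
!    echo replies coming back from AWS to the router, and from the router to a
!    PC on the inside LAN, are dropped. This is the ASA form of the PIX
!    "fixup protocol icmp" and assumes the default global_policy is in place.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
```

Two checks before trusting it: `packet-tracer input vpnrtr icmp 10.99.0.2 8 0 198.51.100.10` should end in an ALLOW with the outside interface and the PAT address in its output, and `show route` should list 172.31.0.0/16 via 10.99.0.2. Two caveats the thread does not mention: with the NAT object in place, the customer gateway address registered on the AWS side is the ASA's outside address, not the router's, and the tunnel will negotiate with NAT-T; and the second VPN network needs its own `route vpnrtr` line and its own permit in VPNRTR_IN, since nothing here allows it.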