ASA 5510 Tunnel

ashah
Level 1

Hello All. I am not an ASA expert, but I have configured them a few times. I have a vision of a task I have to complete but am not sure if it is practical or how to go about doing it.

We have two locations, Location A and Location B. Both locations have a 100MB internet connection.

Location A has an ASA 5510. Location B has a 5505.

Users at both locations access the internet via their respective ASA.

Location A is the headquarters and Location B is a disaster recovery site.

We want to set up a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.

Can this be done? Any help would be appreciated. Thanks.

Julio Carvajal
VIP Alumni

Hello Asif,

It can be done.

Do you have the tunnel set up already?

Then you will need to set up a police action for the internet traffic so you can provide the rest of the bandwidth to the tunnel.

This will be done with the MPF setup.

Any other question...Sure...Just remember to rate all of my answers...

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for the reply Julio.

There is no tunnel setup yet.

So how do I go about doing this? What are the first steps? If you could hold my hand through this...

Okay Asif,

I will help.

Let me know when you have the tunnel up okay?

Regards,

Any other question...Sure...Just remember to rate all of my answers...

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks, but that's what I need help with. How do I get the tunnel up?

Sorry for the late reply. We changed the ISP at the remote site, so I was waiting for their internet to come up and function properly before I started working on the tunnel.

I looked through the links you sent and it looks pretty simple. Once the tunnel is created, will it affect the users using the internet at each site?

Any help?

Can anyone please help?

Hello Asif,

No, internet traffic will go to the ISP as it should.

Remember to rate all of the helpful answers

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

OK, but during the tunnel setup aren't we saying in the access list setup that all traffic from the first ASA needs to go to the second ASA? Doesn't that mean "ALL" traffic including internet traffic will go to the second ASA via the tunnel? Maybe you could clarify that for me...

Thanks.

Hello,

On the links I sent you, the only traffic being encrypted is the one between the remote branches.

access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0

As you can see on the above example, not all traffic is being encrypted.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
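
The point made in the reply above (only flows matching the crypto access list enter the tunnel), as an added example that is not part of any post in this thread: a small Python model that parses the quoted ACL line, classifies sample flows, and derives the mirrored entry the peer ASA needs. The function names and the sample flows are constructed for illustration; 203.0.113.80 is a documentation address standing in for an internet host.

```python
import ipaddress

# ACL line quoted in the thread; it defines which traffic is encrypted.
PAGE_ACE = "access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0"

def parse_crypto_ace(line):
    """Parse 'access-list <id> extended <action> ip <src> <mask> <dst> <mask>'."""
    tok = line.split()
    if len(tok) != 9 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "ip":
        raise ValueError("unsupported ACE form: " + line)
    src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")
    dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}")
    return tok[3], src, dst

def path_for(aces, src_ip, dst_ip):
    """First matching entry decides; a deny or no match means the flow is not encrypted."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in aces:
        if s in src and d in dst:
            return "tunnel" if action == "permit" else "isp"
    return "isp"

def mirror(line):
    """Entry for the peer ASA: same line with source and destination swapped."""
    tok = line.split()
    return " ".join(tok[:5] + tok[7:9] + tok[5:7])

def classify_samples():
    """Classify constructed sample flows leaving the 10.2.2.0/24 site."""
    aces = [parse_crypto_ace(PAGE_ACE)]
    flows = [
        ("10.2.2.25", "10.1.1.10"),     # replication traffic to the other site
        ("10.2.2.25", "203.0.113.80"),  # user browsing the internet
        ("10.2.2.25", "10.1.2.10"),     # neighbouring subnet not listed in the ACL
    ]
    return {flow: path_for(aces, *flow) for flow in flows}

if __name__ == "__main__":
    for (src, dst), path in classify_samples().items():
        print(f"{src} -> {dst}: {path}")
    print("peer side:", mirror(PAGE_ACE))
```

If the two peers' entries do not mirror each other, the tunnel will not pass the intended traffic, so generating one side from the other is a cheap consistency check.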

Ahhhh ok. I understand now. The only traffic that will go through that tunnel is the traffic whose destination is the second ASA from the first ASA. OK. So I will get the tunnel setup and report back. Thanks.

Location A has an ASA 5510. That shouldn't make a difference, right?

Correct,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC