Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1738
Views
0
Helpful
1
Replies

Asa 5510 VPN using ddns IP with inside internet

muhammad.kamran
Level 1
Level 1

‎02-07-2020 12:48 PM - edited ‎02-07-2020 02:48 PM

What will be asa configuration for VPN
I have 1 pppoe link from ISP, so I want to use ddns IP as Static IP, it's required by organization,
how should I configure asa 5510 , so remote user can access my site pc web cam, over vpn only one user each side by ddns fqdn or IP in browser and I also want to use same internet for my inside LAN users. 

Labels:
0 Helpful
1 Reply 1

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-07-2020 03:24 PM

Hi,

 

My understanding for your question is that on your outside interface, you will be getting Dynamic IP which will keep changing with time. You can register for DDNS and configure asa to generate update whenever it gets new IP.

 

To access the camera, one of the good solution will be to configure a SSL Webevpn on your Router outside Interface and from webevpn page, there will be bookmark for your one camera or multple cameras. 

 

Second option is to access the camera directly from outside using DDNS name. Once your Router Internet IP on outside IP associated with DDNS then we can configure portforwarding to allow people from outside to reach your camera on port 443 or 20000 e.g https://asa.exampledomain.com:20000. From security perspective, if your camera supports https and authentication then it will be fine.

 

Configuration:

 

For DDNS:

 

Once you setup account from your preffered partne for DDNS. you need add following to your ASA:

 

hostname(config)# ddns update method ddns-2

 

hostname(DDNS-update-method)# ddns both

 

 

Step 2 To associate the method ddns-2 with the eth1 interface, enter the following commands:

 

hostname(DDNS-update-method)# interface eth1

hostname(config-if)# ddns update ddns-2

hostname(config-if)# ddns update hostname asa.example.com

 

Option 1: SSL Configuration example from CLI or from ASDM:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

 

with above, once you open your SSLVPN page form outside using ddns or IP, you can browse any accessible Webpages of your LAN like your camera

 

Option 2:

 

NAT/Portforwarding:

 

As mentioned above, you can access your camera without SSL also once your ddns setup is done or if you have static IP, you can access with static IP also:

 

ASA1(config)# object network CAMERA
ASA1(config-network-object)# host 192.168.3.1
ASA1(config-network-object)# nat (INSIDE,OUTSIDE) static interface service tcp 80 20000
or

nat (INSIDE,OUTSIDE) static interface service tcp 80 80

if you use 20000, then you need to access the camera on 2000 e.g https://x.x.x.x:20000

 

Let me know for any further information.

 

-- Rate this post helpful/accepted as solution if it helped you out. It will helpful for others also who are seeking solution for similar query

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card