Solved: RandyThanks for the reply. We

cocoengineers · ‎10-20-2015

Hello All

ASA Newbie

Using ASA 9.0 -

Need to know if this is possible without compromising security -

This is our scenario -

Inside our network we have a "public access" wireless network, this is set up on a Cisco 5508 with the appropriate ACLs at the core to block the public wireless network from accessing internal resources.

We can We now are trying to allow the users on the "public" network to access our VPN gateway which happens to be the same IP address on our ASA outside interface.

How do I allow that traffic from the public network to access the VPN gateway if its coming back in the same way it came out? I assume it would be a NAT.

Thanks in advance

Jose

rvarelac · ‎10-20-2015

Hi Jose,

Unfortunately this is behavior is not allowed by the ASA, Let's take an example the below topology.

10.1.1.0/24 --- WLAN interface--ASA--Outside interface (VPN) ----- internet.

In this way the users behind the WLAN interface won't be able to VPN to the outside interface , this is due to the security rules on the ASA and this behavior can't be changed. Alternative you can enable the VPN on the WLAN and Outside interface simultaneously.

Hope it helps

-Randy-

View solution in original post

rvarelac · ‎10-20-2015

Hi Jose,

Unfortunately this is behavior is not allowed by the ASA, Let's take an example the below topology.

10.1.1.0/24 --- WLAN interface--ASA--Outside interface (VPN) ----- internet.

In this way the users behind the WLAN interface won't be able to VPN to the outside interface , this is due to the security rules on the ASA and this behavior can't be changed. Alternative you can enable the VPN on the WLAN and Outside interface simultaneously.

Hope it helps

-Randy-

cocoengineers · ‎10-21-2015

Randy

Thanks for the reply. We are now looking at the alternative action.

Cisco ASA 5540 - Access to outside interface from device inside network