IOS VPN + ASA site to site

mkashifashraf · ‎02-28-2012

Dear,

Please find the attached topology,

Can I make the VPN tunnel between site B (ASA) outside interface & site A (Router IOS) LAN interface?

because i received the dynamic IP on my site A (Router) WAN interface from ISP but I have public IP configured on my LAN interface as well secondary IP's (Private IP's) on my LAN interface,

or

can I make a loopback interface for public IP & make tunnel on it?

in both cases either i put the Public IP on loopback or on LAN i can access the router publically from any where.

Please reply soon.

regards,

Muhammad Kashif Ashraf

rizwanr74 · ‎02-28-2012

Br Kashif,

Please follow link below, it explains every steps of configuring vpn tunnel between cisco router and ASA.

If you have a question, please feel free to ask.

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a00809c7171.shtml

thanks

Rizwan Rafeek

mkashifashraf · ‎02-28-2012

Dear Rizwan,

Thanks for your reply, actually i know the configuration part.

but i'm just asking that

can i make tunnel on site A (WAN port) & site B (not WAN port) LAN port???

regards,

Muhammad Kashif Ashraf

rizwanr74 · ‎02-29-2012

"can i make tunnel on site A (WAN port) & site B (not WAN port) LAN port???"

I have never tried it, but it is possible as long public IPs you are using are routable, yes you can use them on any interface and make sure your security implication are being flexiable should you apply an ACL on the outside and insdie interfaces.

just an example.

access-list 101 permit udp any host 72.88.223.20 eq isakmp

access-list 101 permit esp any host 72.88.223.20

Hope that helps.

thanks

Rizwan Rafeek