01-24-2008 01:32 PM - edited 03-11-2019 04:53 AM
I have the following configuration in an ASA5505-SEC-BUN-K8:
!
interface Vlan1
nameif Servers
security-level 100
ip address 192.168.80.1 255.255.255.0
!
interface Vlan10
nameif internet
security-level 0
ip address 10.0.11.99 255.255.0.0
!
!
interface Vlan90
nameif huespedes
security-level 40
ip address 192.168.90.1 255.255.255.0
!
interface Vlan201
nameif dmz
security-level 50
ip address 201.245.184.225 255.255.255.224
!
interface Vlan254
nameif bogota
security-level 100
ip address 192.168.252.2 255.255.255.252
!
I would like to know on which interface I have to enable the VPN:
crypto map ?????_map interface ????
crypto isakmp enable ?????
My outside interface is called internet.
If I have 30 public IPs and the dmz VLAN is using one of these public IPs, how do I need to set up my VPN access?
Thanks
01-24-2008 02:40 PM
I would recommend that you apply the crypto map on the interface where your default route is pointing to. The reason is, for Remote Access VPN, the user would be coming from any source IP and for the ASA to route the packets back to the VPN Client, a default route will scale much better.
Regards,
Arul
** Please rate all helpful posts **
03-06-2008 06:09 AM
What about if my outside interface is not directly connected to the internet? My outside interface in my ASA5500 is connected to the ISP router, but the ISP gives me a 10.x.x.x/32 subnet.
The ISP routers forward the subnet with the public IPs to my firewall.
03-06-2008 06:45 AM
In that case you will not be able to terminate the Remote Access VPNs on the firewall unless the ISP NATs one of your public IPs to the external interface of your ASA.
The only other way around this will be to use some of your public address space on the network between the firewall and ISP router.
03-07-2008 06:28 AM
If I select the ISP NAT option, how do I need to set up the ASA to avoid the NAT-IPsec issue?
Thanks.
03-07-2008 03:33 PM
You need to enable nat traversal with the following command:
"isakmp nat-traversal"
Good Luck!
03-06-2008 11:11 PM
You will enable it on the internet.
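
The answers in this thread, combined into one configuration fragment. This is an added example, not posted by any participant; the names `internet_map`, `DYN_MAP` and `ESP-AES256-SHA`, the policy values and the `<isp-router-ip>` placeholder are assumptions, and the address pool, tunnel-group and group-policy a Remote Access VPN also needs are left out.

```cisco
! Added example; syntax as on ASA 7.2/8.x. Names and values are assumptions.
! The default route points out "internet", so replies to VPN clients coming
! from any source address leave through the interface that holds the crypto map.
route internet 0.0.0.0 0.0.0.0 <isp-router-ip>
!
! IKE phase 1 policy (assumes AES is licensed on the unit)
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
! Listen for IKE on the interface that faces the ISP router
crypto isakmp enable internet
! If the ISP translates a public address to this interface's private address,
! NAT traversal is needed (20 = keepalive interval in seconds)
crypto isakmp nat-traversal 20
!
! Dynamic map for remote clients, bound to the same interface
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set ESP-AES256-SHA
crypto map internet_map 65535 ipsec-isakmp dynamic DYN_MAP
crypto map internet_map interface internet
```

Once a client connects, `show crypto isakmp sa` and `show crypto ipsec sa` show whether both phases completed.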