VPN reachability from one interface to another interface

gln
Level 1

I want to establish RA-VPN. This I have successfully configured on the outside interface of our ASA-5508-X with FTD image (and organized with FDM; no license for FMC).
But: on our WLAN network, which is connected via another interface of our ASA, named airport, I want to realize VPN connectivity too!

In the configuration there is a limitation of only one VPN interface for ALL VPN connections. How do I realize VPN connectivity over both networks (outside and airport)? Background: Our WLAN has the same minor rights as our outside connection. To reach our internal network it is necessary to use VPN. This should be possible for outside workers as well as inside workers (within the reach of our WLAN).
I tried different access-list approaches, without success. This means: trying to reach the outside interface over the airport interface. But this does not seem to work.

I appreciate any tips here.

5 Replies

I have the exact same issue. Cisco, please help us, as this was enabled on my client's old ASA (v8.2) and is crucial for their company's operation.

As of the current FTD release (6.5.0.1), Cisco only supports configuration of a single interface for SSL VPN when managing with Firepower Device Manager (FDM). The same applies when using Cisco Defense Orchestrator (CDO).

If you switch to Firepower Management Center (FMC) management you can configure multiple interfaces.

This means an additional license for 500 dollars for two devices at the moment. This for a functionality which is realized with our old ASA 5010 with the standard IOS.

On the other side, this is a fine operating system; it can be updated within minutes. On the contrary, at our old Cisco it is a special enterprise to update the system, fearing that the rules of the configuration will break, while the company depends on the internet connection. So please, Cisco, do something, or in the future sell this Cisco with the necessary configuration tools!

To be fair, the old 5500 series ASA running 8.x software isn't protecting against 90% or more of current threats.

Until Cisco updates FTD to be able to support multiple interfaces for VPN when using FDM management, you could leave the ASA sitting in a DMZ connected to the FTD device(s) and get the multiple interface support there. It's a bit of a hack design-wise but it would work.

Hello Marvin,

thank you for this nice idea! In reality I will have some problems: putting the new firewall into production, whose default configuration should rest on the old ASA and in a condition that it works as figured out, and all this in a weekend when company activities are low.

Oh yes, there is Christmas coming... A few free days for my colleagues...

But I will discuss this here; it seems to be a possible workaround. I really would feel better with the new Cisco.
