VPN site to site between FIREWALLS

amralrazzaz
Level 5

Can I have, based on the attached network picture, how to configure a site-to-site VPN from the remote location to the main head office location?

In the remote location I have:

Firewall/router: Make/Model/OS

Cisco ASA5516-X

In the HO location they have:

Firewall/router: Make/Model/OS

Fortigate 3951

I have only a one-way connection from the remote location to the web server (main HO) (THE CONFIGURATION WILL ONLY BE ON MY SIDE, ASA5516-X).

Can I have the steps for a site-to-site VPN example configuration?

Thanks, check the attached pic.

amr alrazzaz
21 Replies

Assign this IP to the interface that is connected to the ISP.
If, for example, on the ASA Gi0/0 ---------- ISP
and your ISP gave you, for example, 62.2.170.128/29, then with the Cisco logic in mind, you put the first IP on Gi0/0:

Interface gi0/0
ip address 62.2.170.129 255.255.255.248
nameif outside
Security-level 0
no shut
exit

And then you have to tell the router where the default route is:
ip route 0.0.0.0 0.0.0.0 62.2.170.130 (the next IP would be the provider's)

Then of course you have to build your inside LAN network and also NAT the traffic (split-tunneling), if you have to.

Thanks a lot for your great help.

Yes, of course, my network is already configured and working live with users now, but we ordered the static IP address for VPN connectivity recently, after we made our configurations, so what is pending is to configure the static IP address on our network so that it is reachable.

So the configuration that you sent to me is the only thing pending on my network for the static IP to be recognized on it.

Correct me if I'm wrong.

Thanks again.

Thanks

 

amr alrazzaz

I just want to ask about the outside default route on the ASA, because I don't have a router. I have a core switch only, connected to the ASA, which is directly connected to the ISP router.

So the configuration of the default route on the ASA will be:

Route outside 0.0.0.0 0.0.0.0 next hop IP address (IP of the WAN interface of the ISP router, which has the static IP assigned on it?)

Is it correct?

Thanks

amr alrazzaz

What do you mean by core switch? A Layer 3 switch? Do you have routed VLANs?

So you have connected the ISP side to the switch? So if it's a Layer 3 switch, are you going to assign that IP on the switch? I don't understand...

This is a layer 2 switch only, but with VLAN creation and DHCP servers for each VLAN, with management IP addresses.

So it's only a layer 2 switch, not more, so in that case what's the answer to my question :)

Thanks, many thanks

amr alrazzaz

Correct, ASA has routing capabilities also. You need to put a default route on it.

I have a problem after creating the VPN tunnel.

The traffic is clearly not sent via the VPN tunnel but directly to the DSL router and the internet, until it reaches a dead end.

Do you have any idea? Maybe a routing problem? Do I have to make a default route or something?

amr alrazzaz
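
An ASA-side configuration for the kind of tunnel this thread asks about, added here as an illustration and not posted by any participant. On an ASA the crypto ACL and the NAT exemption decide whether a flow enters the tunnel or is translated and sent out toward the ISP. Assumptions: IKEv2 with a pre-shared key, interface names inside/outside, ASA 9.x syntax, and constructed addresses (10.10.10.0/24 remote LAN, 192.0.2.50 HO web server, 203.0.113.10 Fortigate peer); the ISP gateway is the 62.2.170.130 example from the reply above, and every proposal must match what the Fortigate side is configured with.

```cisco
! Added example, constructed values: replace addresses, names and the key.
route outside 0.0.0.0 0.0.0.0 62.2.170.130
!
object network REMOTE-LAN
 subnet 10.10.10.0 255.255.255.0
object network HO-WEB
 host 192.0.2.50
!
! Crypto ACL: only this traffic is encrypted. The Fortigate needs the mirror image.
access-list VPN-TO-HO extended permit ip object REMOTE-LAN object HO-WEB
!
! NAT exemption: keep tunnel traffic untranslated. As a manual (twice) NAT rule
! it is evaluated before object/auto NAT, so it wins over the internet PAT rule.
nat (inside,outside) source static REMOTE-LAN REMOTE-LAN destination static HO-WEB HO-WEB no-proxy-arp route-lookup
!
! IKEv2 phase 1
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
! IPsec proposal (phase 2)
crypto ipsec ikev2 ipsec-proposal HO-PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Peer definition; <PRE-SHARED-KEY> is a placeholder for a long random secret.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PRE-SHARED-KEY>
 ikev2 local-authentication pre-shared-key <PRE-SHARED-KEY>
!
! Bind ACL, peer and proposal to the outside interface
crypto map OUTSIDE-MAP 10 match address VPN-TO-HO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal HO-PROPOSAL
crypto map OUTSIDE-MAP interface outside
!
! Verification: the packet-tracer output should show a VPN encrypt phase,
! and the encaps counter in "show crypto ipsec sa" should increase.
packet-tracer input inside tcp 10.10.10.20 12345 192.0.2.50 443 detailed
show crypto ikev2 sa
show crypto ipsec sa peer 203.0.113.10
```

If packet-tracer shows the flow matching a dynamic NAT/PAT rule and no VPN phase, the traffic is leaving through normal internet NAT instead of the tunnel, and the exemption rule or the crypto ACL does not match that flow.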