cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

916
Views
40
Helpful
21
Replies
Highlighted
Contributor

vpn site to site between FIREWALLS

can i have on this attached network picture how to configure vpn site to site from remote location to main headoffice location 

in remote location i have 

Firewall/router: Make/Model/OS

Cisco ASA5516-X

 

in HO location  they have

Firewall/router: Make/Model/OS

Fortigate 3951

 

have only one way connection from remote location to web server (main HO) (THE CONFIGURATION WILL ONLY ON MY SIDE ASA5516-X)

 

can i have the step for vpv- site to site example configurations

 

thanks  check attached pic

amr alrazzaz
21 REPLIES 21
Highlighted

Assign this IP to the interface that is connected to the ISP.
If for example on ASA Gi0/0 ---------- ISP
And your ISP gave you for example 62.2.170.128/29 then with the Cisco Logic on mind, you put the first IP on the Gi0/0

Interface gi0/0
ip address 62.2.170.129 255.255.255.248
nameif outside
Security-level 0
no shut
exit

And then you have to tell the router where is the Default Route
ip route 0.0.0.0 0.0.0.0 62.2.170.130 (the next IP would be the providers)

Then off course you have to build your inside LAN network and also NAT the traffic. (split-tunneling) if you have to.
Highlighted

thanks a lot for your great help 

 

yes of course my network already configured and working live with users now but the static ip address we ordered it for vpn connectivity recently after we made our configurations  so what is pending is to configure the static ip address on our network to be reachable 

 

so your configuration that you sent to me is the only pending to my network for static ip to be recognized on it

correct me if im wrong 

 

thanks again 

 

thanks

 

amr alrazzaz
Highlighted

just wanna ask about the the outside default route on  asa because i dont have a router , i have core switch only connected to ASA which directly connected to isp router 

 

so the configuration of default route on asa will be :

 

Route outside 0.0.0.0 0.0.0.0 next hope ip address (ip of the wan interface of isp router which assign on it the static ip ?)

 

is it correct ?

 

 

thanks

\

amr alrazzaz
Highlighted

What do you mean Core Switch? Layer 3 Switch? do you have Routed Vlans?

So you have connected the ISP side to the Switch? So if its a Layer 3 Switch are you going to assign that IP on the Switch? I don't understand...

Highlighted

this is a layer 2 switch only but vlans creations - dhcp servers for each vlan with management ip addresses

 

so its only layer 2 switch not more , so in that case whats the answer of my question :)

 

thanks many thanks

amr alrazzaz
Highlighted

Correct, ASA has routing capabilities also. You need to put a default route on it.
Highlighted

i have problem after create the vpn tunnel 

The traffic is clearly not sent via the VPN tunnel but directly to the DSL router and the internet, until it reaches a dead end.

 

do u have any idea ? maybe the routing problem ? do i have to make default route or something ?

amr alrazzaz
Content for Community-Ad