05-07-2012 01:39 AM - edited 03-03-2019 06:34 AM
In HQ, we have a Cisco ASA 5520. There is a data line supplied by the ISP for MPLS-VPN service with the branch office. The branch offices also have data lines which are supplied by the ISP. Now I want the branch office to access resources at HQ without a site-to-site VPN configuration (because we don't have an ASA or any device to configure an L2L VPN). So I need your help to configure the HQ firewall to allow the branch office to access the resources at HQ without any restriction. Let's leave the security issue aside for this matter.
Thanks for your kind cooperation.
bless day
HQ ISP branch office
---------------------------------------------------------------------------------------
| |
switch--------Cisco ASA 5520 ------data modem----ISP infrastructure (MPLS) ---------data modem -----switch
| |
----------------------------------------------------------------------------------------
05-16-2012 04:38 PM
Yohannes Tegegne wrote:
In HQ, we have a Cisco ASA 5520. There is a data line supplied by the ISP for MPLS-VPN service with the branch office. The branch offices also have data lines which are supplied by the ISP. Now I want the branch office to access resources at HQ without a site-to-site VPN configuration (because we don't have an ASA or any device to configure an L2L VPN). So I need your help to configure the HQ firewall to allow the branch office to access the resources at HQ without any restriction. Let's leave the security issue aside for this matter.
Thanks for your kind cooperation.
bless day
HQ ISP branch office
---------------------------------------------------------------------------------------
| |
switch--------Cisco ASA 5520 ------data modem----ISP infrastructure (MPLS) ---------data modem -----switch
| |
----------------------------------------------------------------------------------------
Configure another interface on the ASA with appropriate IP addressing (I'd use a /30 for a point-to-point link), set its name to something like "Branch" and its security level equal to your inside link (100), add appropriate routing for any subnets needed to go across the link to the branch office, and then put in a NAT exemption for the subnets concerned, and a security policy which allows any/any between the two interfaces.
Not too difficult.
Cheers.
05-26-2012 12:18 AM
Dear friend,
Thanks for your reply. I am using ASDM 6.2 to configure the firewall.
Here are the IP addresses of the infrastructure:
Inside network ---10.1.0.0 which has number of VLAN for different department.
Core switch IP - 10.1.2.1 connect with firewall
ASA Inside ----- 10.1.2.2 connect with core switch
ASA Data(branch) -- 172.16.2.2 connect with ISP router
ADSL router - 172.16.2.1
Branch office LAN IP -- 10.2.0.0
10.3.0.0 .....
So, could you help me with how to configure this using ASDM?
Thanks for your kindness and cooperation.
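The steps from the 05-16-2012 reply, written out as ASA CLI with the addresses posted above. This is an added example, not configuration from any poster; the physical port, the /30 and /16 masks, the "inside" interface name, the ACL names and the pre-8.3 NAT syntax (assumed from the ASDM 6.2 mentioned) are assumptions.

```cisco
! Added example. Assumed: port GigabitEthernet0/2, /30 link mask, /16 LAN
! masks, existing LAN interface named "inside", pre-8.3 NAT syntax.
interface GigabitEthernet0/2
 nameif Branch
 security-level 100
 ip address 172.16.2.2 255.255.255.252
 no shutdown
!
! Interfaces at the same security level do not pass traffic to each
! other until this is enabled.
same-security-traffic permit inter-interface
!
! Branch LANs are reached through the ISP router on the data line.
route Branch 10.2.0.0 255.255.0.0 172.16.2.1
route Branch 10.3.0.0 255.255.0.0 172.16.2.1
!
! NAT exemption: HQ <-> branch traffic keeps its real addresses.
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
!
! Policy on the Branch interface. The reply's any/any rule would be
! "permit ip any any"; scoping it to the posted branch subnets still
! gives those subnets unrestricted access to HQ.
access-list Branch_in extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list Branch_in extended permit ip 10.3.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-group Branch_in in interface Branch
!
! If an ACL is already applied inbound on "inside", it also needs
! entries permitting 10.1.0.0/16 to the branch subnets.
```

The path can be checked from the ASA with `packet-tracer input Branch icmp 10.2.0.10 8 0 10.1.2.1`, where 10.2.0.10 is a constructed branch host address.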
05-17-2012 02:27 AM
When connecting two branches by MPLS-VPN,
to provide routing you need, for example:
1. A GRE tunnel over MPLS-VPN, which the ASA doesn't support
2. A BGP AS inside the MPLS-VPN, which the ASA doesn't support either
3. The provider can configure static routes toward both sides of the MPLS-VPN
And you need at least an L3 switch or router at the branch office.
The simplest way is to use the Cisco software VPN client on one Windows PC in the branch.