Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6995
Views
0
Helpful
3
Replies

how to connect ASA 5520 with ISP mpls network

y.tegegne
Level 1
Level 1

‎05-07-2012 01:39 AM - edited ‎03-03-2019 06:34 AM

In HQ , we have cisco ASA 5520 . there is a data line which supplied by ISP for MPLS-VPN service with branch office. branch offices also have  a data line which r supplied by ISP.  And now, I want the branch office to access resource from HQ without site to site vpn configuration( because we don't have  ASA or any device to configure L2L VPN) . so, I need your help to configure the hq firewall to allow the branch office accessing the resource at hq without any restriction. lets leave the security issue for this matter.

thanks for your kind cooperation.

bless day

                         HQ                                                            ISP                                                            branch office

                                                             ---------------------------------------------------------------------------------------

                                                             |                                                                                      |

             switch--------cisco ASA 5520   ------data modem----ISP infrastructur (MPLS) ---------data modem -----switch

                                                            |                                                                                       |

                                                            ----------------------------------------------------------------------------------------

Labels:
0 Helpful
3 Replies 3

darren.g
Level 5
Level 5

‎05-16-2012 04:38 PM 

Yohannes Tegegne wrote:
In HQ , we have cisco ASA 5520 . there is a data line which supplied by ISP for MPLS-VPN service with branch office. branch offices also have  a data line which r supplied by ISP.  And now, I want the branch office to access resource from HQ without site to site vpn configuration( because we don't have  ASA or any device to configure L2L VPN) . so, I need your help to configure the hq firewall to allow the branch office accessing the resource at hq without any restriction. lets leave the security issue for this matter.
thanks for your kind cooperation.
bless day
                         HQ                                                            ISP                                                            branch office
                                                             ---------------------------------------------------------------------------------------
                                                             |                                                                                      |
             switch--------cisco ASA 5520   ------data modem----ISP infrastructur (MPLS) ---------data modem -----switch
                                                            |                                                                                       |
                                                            ----------------------------------------------------------------------------------------

Configure another interface on the ASA with appropriate IP addressing (I'd use a /30 for a point-to-point link), set its name to something like "Branch" and its security level equal to your inside link (100), add appropriate routing for any subnets needed to go across the link to the branch office, and then put in a NAT exemption for the subnets concerned, and a security policy which allows any/any between the two interfaces.

Not too difficult.

Cheers.

0 Helpful

y.tegegne
Level 1
Level 1
In response to darren.g

‎05-26-2012 12:18 AM

dear friend,

thanks for your reply. am using ASDM 6.2 to configure the firewall.

hereunder the ip addess of the infrastructure

Inside network ---10.1.0.0  which has number of VLAN for different department.

core switch ip -  10.1.2.1  connect with firewall

ASA Inside -----  10.1.2.2  connect with core switch

ASA Data(branch) -- 172.16.2.2 connect with ISP router

ADSL router  - 172.16.2.1

branch office LAN IP -- 10.2.0.0

                                   10.3.0.0 .....

So, could you help me how to configure using ASDM ?

Thanks for your kindness and cooperation.

0 Helpful

Tagir Temirgaliyev
Spotlight
Spotlight

‎05-17-2012 02:27 AM

when connecting two branches by MPLS-VPN

to provide routung you need for example

1. gre tunnel over  MPLS-VPN wich ASA dosnt support

2. BGP AS inside  MPLS-VPN wich ASA dosnt support too

3. provider can configure static routes toward both sides MPLS-VPN

and you need at least L3 switch or router at branch office

most simple way is to use soft cisco vpn client on one windows pc in branch

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents