I have configured and tested an ASA-5505 that will be deployed at a customer's home. The ISP cable modem will connect to the E0 (outside) interface of the ASA. All other interfaces on the ASA are configured for the inside network 192.168.5.0/24. I have created a VPN site-to-site tunnel between this ASA and the UC540 to allow 192.168.5.0/24 subnet access to the internal networks on the UC540.
The user has requested that all the network devices used by the rest of the family will only need to connect to the Internet. They will not need access to the VPN tunnel and they will not need access to the computers on the 192.168.5.0/24 inside network. I was planning on performing the following tasks to get this to work:
Is there a better or tested method of performing this configuration? Any advice would be appreciated.
Thanks & have a good day.
Probably a simpler way is to create a VPN site-to-site tunnel between this ASA and the UC540 to allow 192.168.5.0/(25 or 26) subnet access to the internal networks on the UC540.
So IP addresses 192.168.5.1 - 192.168.5.127 will go into the tunnel, but the others, 192.168.5.129 - 192.168.5.255, will
Don't forget to rate the post.
The only caveat I see with that setup is automatically determining devices that are authorized to connect through the VPN tunnel vs unauthorized devices that aren't supposed to connect through the tunnel. I would need to set static IPs on devices that need to connect to main office through the VPN tunnel and configure DHCP on the ASA to provide IP addresses starting at 192.168.5.129 - 158 (only scope of 30 addresses max permitted). Right now, I have the DHCP scope on the ASA providing IP addresses from 192.168.5.21 - 50. I obviously can't set up two DHCP servers on the same subnet. If I set up the DHCP scope to be 192.168.5.121 - 150, that would also not work because without my intervention, there's no way to determine if unauthorized devices connect to the VPN or authorized devices not being able to connect to VPN.
Not a bad idea though. Thanks.
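The DHCP concern raised in the last reply can be checked mechanically. This is an added example, not part of the original thread: it assumes the /25 split suggested above (192.168.5.0/25 matched by the tunnel), and the function name `classify_pool` is hypothetical. It reports how many leases from a DHCP range would fall inside the tunnel-matched half.

```python
import ipaddress

# Values taken from the thread; the /25 is the split suggested in the reply.
INSIDE_NET = ipaddress.ip_network("192.168.5.0/24")
TUNNEL_NET = ipaddress.ip_network("192.168.5.0/25")


def classify_pool(first, last, tunnel=TUNNEL_NET, inside=INSIDE_NET):
    """Classify a DHCP range against the tunnel-matched prefix.

    Returns a dict with the verdict ('internet-only', 'all-tunnel' or
    'straddles'), the pool size, and the leases that would match the tunnel.
    """
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("pool start is above pool end")
    if lo not in inside or hi not in inside:
        raise ValueError("pool is not inside the inside network")

    # Intersect [lo, hi] with the address range covered by the tunnel prefix.
    o_lo = max(lo, tunnel.network_address)
    o_hi = min(hi, tunnel.broadcast_address)
    total = int(hi) - int(lo) + 1
    in_tunnel = int(o_hi) - int(o_lo) + 1 if o_lo <= o_hi else 0

    if in_tunnel == 0:
        verdict = "internet-only"
    elif in_tunnel == total:
        verdict = "all-tunnel"
    else:
        verdict = "straddles"
    return {
        "verdict": verdict,
        "size": total,
        "tunnel_leases": in_tunnel,
        "tunnel_range": (str(o_lo), str(o_hi)) if in_tunnel else None,
    }


if __name__ == "__main__":
    # The three DHCP ranges mentioned in the thread.
    for pool in [("192.168.5.21", "192.168.5.50"),
                 ("192.168.5.121", "192.168.5.150"),
                 ("192.168.5.129", "192.168.5.158")]:
        print(pool, classify_pool(*pool))
```

Only a pool that comes back `internet-only` keeps every DHCP client out of the tunnel-matched range; a device with a manually set address in the lower half is outside what this check can see.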