06-16-2021 12:34 PM
I am very new to Cisco. I have a little handle on it and will start CCNA training in July. I am a sysadmin at a company that is being acquired by another. We have a UNIFI network and I have a VPN server configured on it. We are adding an ASA between our internet and the USG, with a site-to-site VPN configured to our new HQ. Now the WAN public IP is on the ASA and I want it to forward the user VPN traffic to the USG on the inside. I don't think I can just fwd L2TP packets because the site-to-site VPN uses L2TP as well.
I do have 5 public IPs, so I want to have an IP for the site-to-site & an IP for the users' VPN (& security cams). My question is: do I need to use a 2nd interface for the 2nd public IP & then configure all the ACLs, or can I assign the g 0/0 2 different IPs (like a sub interface) and have it forward to the USG inside the ASA? I know this is rather trivial but I have been having a hard time finding some direction on this.
06-16-2021 01:09 PM
You do not need a second interface configuration; you need a public IP so you can do the port forward.
You mean you have an L2TP server and also a site-to-site VPN?
You need 1701, 1723, 500 and 450 allowed in the port forward.
Look at the example below:
https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/td-p/769250
06-16-2021 01:20 PM
Won't that affect the site-to-site also? Both VPNs, the user & the site-to-site, are using L2TP. If I forward the ports used for L2TP, won't it forward traffic coming from the headquarters?
06-16-2021 01:24 PM - edited 06-16-2021 01:25 PM
At a high level, you need to use a different public IP address for each service.
> If I forward the ports used for L2TP, won't it forward traffic coming from the headquarters?
Not sure if I understand this correctly?
06-16-2021 01:27 PM
Yes, I understand that. So 2 different interfaces? ...... or can I assign them both to the g 0/0 where my WAN interface is? Does a sub interface work here?
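Added example, not part of the original thread or any poster's configuration: one way to publish the USG on a second public IP without a second interface or sub interface is a one-to-one static NAT on the ASA's existing outside interface, with an inbound ACL limited to the VPN ports. The interface names, the addresses (documentation ranges), the object and ACL names, and the assumption that the user VPN is L2TP over IPsec with NAT traversal are all hypothetical.

```cisco
! Assumed: ASA 8.3+ object NAT syntax; "outside" is the nameif of g0/0 (WAN),
! "inside" is the nameif of the interface facing the USG.
! Assumed addresses (documentation ranges, not from the thread):
!   203.0.113.10  ASA outside interface IP; the site-to-site VPN terminates here
!   203.0.113.11  second public IP from the same block, used for the user VPN
!   192.168.1.2   USG WAN address on the ASA's inside network

! One-to-one static NAT. The ASA answers ARP for 203.0.113.11 on "outside",
! so the address is not configured on any interface or sub interface.
object network USG-WAN
 host 192.168.1.2
 nat (inside,outside) static 203.0.113.11

! Inbound ACL references the real (inside) address of the USG.
! Assumption: the USG runs L2TP over IPsec. Behind NAT the L2TP session is
! carried inside UDP 4500, so UDP 1701 is left closed on the ASA rather than
! exposing unencrypted L2TP to the internet.
access-list OUTSIDE_IN extended permit udp any object USG-WAN eq 500
access-list OUTSIDE_IN extended permit udp any object USG-WAN eq 4500

! Replaces any ACL already bound inbound on "outside"; merge entries if one exists.
access-group OUTSIDE_IN in interface outside

! Checks after applying (198.51.100.7 is a constructed remote client address):
!   show nat detail
!   show access-list OUTSIDE_IN
!   packet-tracer input outside udp 198.51.100.7 4500 203.0.113.11 4500
```

Traffic from the headquarters peer is addressed to the ASA's own outside IP, so it does not match this NAT rule and is not forwarded to the USG.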