ASA5505 Firewall: route internet via external VPN?

cisco
Level 1

Dear Cisco community,

I would like to ask whether it is possible to configure the Cisco ASA5505 firewall to route internet via an external VPN, while a laptop and smartphone connect to the firewall via Cisco AnyConnect VPN.

The configuration would result in: Laptop on public internet -> Cisco ASA5505 VPN -> External VPN (Unix server) -> internet.

Is this configuration possible?

Best Regards,

Jan

4 Replies

Jouni Forss
VIP Alumni

Hi,

Are you talking about the following kind of situation?

  • User connects to the ASA5505 with AnyConnect VPN Client
  • User's Internet traffic needs to be forwarded to a L2L VPN connection that is built on the ASA5505 also
  • User's Internet traffic will go out through the Internet connection at the remote site

Can you confirm if the situation is the above?

Could you also tell us your ASA's software level?

- Jouni

Dear Jouni,

Thank you for the fast reply! The described situation seems to be correct, although I am not familiar with the term L2L VPN.

The Cisco ASA5505 needs to connect to an external VPN (OpenVPN on a Unix server) from which the public internet will be available.

Is this possible with a default ASA5505?

Regarding the software level I am unsure. I've purchased it 1 year ago via an internet store. It is a new version; I previously purchased an ASA5505 with an old software version and was able to return it for a new model. I remember that the version extension is K9.

Best Regards,

Jan

Hi,

Basically L2L VPN means an encrypted connection between 2 LAN networks/sites/offices/etc (Lan to Lan VPN).

It's configured between 2 VPN devices and doesn't require a separate "log in" from the users. The VPN Connection is activated when there is traffic that needs to use the L2L VPN connection.

What is the purpose of building such a setup? Why would you not forward the VPN Client traffic to the Internet straight from the ASA5505? Do notice that with this kind of setup there's even more bandwidth used on your ASA5505 local Internet connection.

If you use the graphical user interface known as ASDM you should be able to see the software version on the main page after you've opened the software.

On the command line interface (CLI) side you can show the version and license information with "show version" command.

- Jouni
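Jouni's scenario above (AnyConnect users whose Internet traffic leaves through an L2L tunnel built on the same ASA) as an added ASA configuration example; it is not from this thread or from Cisco, assumes ASA 8.4+ syntax, that the remote site terminates a standard IPsec L2L tunnel and that AnyConnect access is already enabled, and the pool, peer address and object names are placeholders.

```cisco
! Hairpin AnyConnect client traffic into an IPsec L2L tunnel (assumed ASA 8.4+ syntax)
! Placeholders: client pool 192.168.100.0/24, remote peer 203.0.113.10, names in CAPS

! 1. Traffic is decrypted on "outside" and re-encrypted on "outside": allow same-interface hairpin
same-security-traffic permit intra-interface

! 2. AnyConnect pool; tunnel-all so the clients' Internet traffic actually reaches the ASA
ip local pool ANYCONNECT-POOL 192.168.100.1-192.168.100.50 mask 255.255.255.0
object network ANYCONNECT-NET
 subnet 192.168.100.0 255.255.255.0
group-policy ANYCONNECT-GP internal
group-policy ANYCONNECT-GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 address-pool ANYCONNECT-POOL
 default-group-policy ANYCONNECT-GP

! 3. Interesting traffic for the L2L tunnel: everything sourced from the client pool
access-list L2L-CRYPTO extended permit ip object ANYCONNECT-NET any

! 4. Identity NAT so pool addresses survive into the tunnel instead of being PATed to the
!    outside IP (which would never match the crypto ACL); the remote site must then NAT
!    192.168.100.0/24 to its own public address before sending it to the Internet
nat (outside,outside) source static ANYCONNECT-NET ANYCONNECT-NET destination static any any no-proxy-arp route-lookup

! 5. IKEv1 phase 1 and IPsec phase 2 (DH group 14 needs ASA 8.4(4) or later)
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <REPLACE-WITH-STRONG-PSK>

! 6. Check: the SA should show pool-to-any selectors with encaps/decaps counters increasing
show crypto ipsec sa peer 203.0.113.10
```

As Jouni notes, every client packet now crosses the ASA's Internet link twice (in from the client, out to the peer), so size the uplink accordingly.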

Dear Jouni,

Thanks a lot for the help!

The motivations are:

  1. the management of webservers that are behind a hardware firewall could be done from a single IP that is traceable to a domain (e.g. serveradminxyz.domain.com)
  2. the IP is fixed and unlikely to change, while the internet connection IP of the firewall may change more likely
  3. additional security against spying/sniffing and hacking, because the network of the server provider may be more secure than the network of a regular internet provider that hosts individuals, because of the amounts of data that is being processed by the network (it would be harder / more unlikely that hackers try to get/hack VPN traffic from the network of an internet server network / data center)

Are these motivations wrong? And will a server to server VPN cause a large loss of bandwidth (and do you perhaps know how much would be lost by the functioning of the firewall alone?)