
RA VPN

sajid231088
Level 1

Hi All,


Hope you all are doing good


Please help me with the below.


I have one Cisco 2800 series router, one 5516-X firewall, one 3560 switch and 3 servers (file server, web server, etc.).

I have a single Internet link (broadband) with a static IP address (public IP). This is my lab setup.


Device setup/topology: Router --> Firewall --> 3560 SW --> LAN SW --> Servers.

(Please correct me if the above topology is wrong.)


I want to configure RA VPN for my remote Users.


Help me with the topology and the configuration of the router and firewall.


I am confused about the flow. Please let me know how the traffic will flow. For example, when a user tries to access a file server and connects over the VPN, he will have to put an IP address of the device in the VPN client, so my question is: what IP would it be? Would it be the public IP address, or something else? And if it's the public IP, which is configured on the router, how will the router know that the request is for the file server?


I might have the wrong question, but I wanted to clear my doubts.


Please suggest.


Regards

New Bee in Security

1 Reply

Hi,

If the public IP address is on the router, you will need to configure NAT to forward ports TCP/443, UDP/443, UDP/500 and ESP to the IP address of the ASA.

 

The ASA would need to be configured for Remote Access VPN using either SSL-VPN or IPsec; an example of ASA Remote Access VPN is here.

 

Once the ASA is configured, the user will open the AnyConnect client and enter the public IP address; this will be forwarded to the ASA. The user will authenticate and be assigned a private IP address; this will permit connectivity to the local network. The user will be able to access the File Server as if it were on the local network, and it should be able to resolve the DNS names etc.
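
The port forwarding described in the reply, sketched as an IOS configuration fragment for the 2800 router. This is an added example, not part of the original reply: the interface names, the 10.0.0.0/30 transit subnet, the ASA outside address 10.0.0.2 and the 203.0.113.2 public address are constructed placeholders.

```cisco
! Added example: static NAT on the edge router so that VPN traffic arriving
! on the public IP is handed to the ASA outside interface.
! All addresses and interface names below are placeholders (assumptions).

interface FastEthernet0/0
 description WAN - broadband link holding the static public IP
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description Transit link to the ASA 5516-X outside interface
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
! AnyConnect SSL-VPN: TLS on TCP/443 and DTLS on UDP/443
ip nat inside source static tcp 10.0.0.2 443 interface FastEthernet0/0 443
ip nat inside source static udp 10.0.0.2 443 interface FastEthernet0/0 443
!
! IPsec: IKE on UDP/500 and the ESP protocol itself
ip nat inside source static udp 10.0.0.2 500 interface FastEthernet0/0 500
ip nat inside source static esp 10.0.0.2 interface FastEthernet0/0
!
! Not listed in the reply: IPsec NAT traversal uses UDP/4500. Uncomment if
! IPsec clients connect through NAT (the ASA itself sits behind NAT here).
! ip nat inside source static udp 10.0.0.2 4500 interface FastEthernet0/0 4500
!
! Verification on the router after a client connects:
!   show ip nat translations
```

Only the VPN listener is exposed this way; the file server is never forwarded on the router and is reached solely through the tunnel terminated on the ASA.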
