Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
5
Replies

Traffic enters one interface and forwards to another?

Lajja1234
Level 1
Level 1

‎04-20-2013 04:27 AM

Hi!

I am building a new VPN Anyconnect solution. I want the traffic to enter a interface and that traffic should be forwarded to my "VPN-Machine".

The system is a ASA5520 with old software, I am not at work now so i cannot tell exactly.

So my question is, how do i make the traffic enter one interface and being forwarded to another? I have splitted the physical interface to several sub-interfaces.

/Lajja

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎04-21-2013 11:27 AM

We need some additional information to be able to give you helpful answers. Is this being done on the ASA where traffic enters on one interface and should be forwarded out another interface. Of is this being done on some router and traffic is forwarded toward the ASA where the AnyConnect will be terminated?

HTH

Rick

HTH

Rick
0 Helpful

Lajja1234
Level 1
Level 1
In response to Richard Burts

‎04-21-2013 11:32 AM

In the ASA, traffic should enter one interface and be forwarded on another interface.

/Lajja

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Lajja1234

‎04-21-2013 12:13 PM

There is probably some aspect of your requirement that I do not yet understand. But so far it seems a fairly simple thing. If we assume that your ASA will have interface outside with IP address of 1.2.3.4 (with a next hop of 1.2.3.3) and an interface inside with IP address of 192.168.1.0, and a VPN pool of 192.168.2.0. Then the AnyConnect packets from the remote clients will arrive on interface outside. AnyConnect will begin the session and assign a pool address of 192.168.2.1 to the client session. Then AnyConnect looks at the packet which was received from the outside client and sees that it is a request to your Mail server which is at address 192.168.1.100. The ASA will forward the traffic through the inside interface. The Mail server sends a response which comes through interface inside. The AnyConnect logic will encapsulate the packet in the VPN tunnel and forward it out the interface outside.

So the traffic arrives on one interface and is forwarded out the other interface.

HTH

Rick

HTH

Rick
0 Helpful

Lajja1234
Level 1
Level 1
In response to Richard Burts

‎04-21-2013 11:59 PM

I think I am not explaining correctly. I will try again

I have two ASA machines. One big but old 5520 that is being used as a firewall, and one smaller 5505 that i have borrowed from another company to try Anyconnect VPN.

On the 5520 I have made one interface available through internet (not the outside interface) and I have another interface pointing against the 5505. I want the interface thats open to internet to forward all packets to the interface thats connected to the 5505.

It's probably a simple thing, but I am not sure about how to do the forwarding part.

/Lajja

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Lajja1234

‎04-22-2013 08:04 AM

The additional information does help but still leaves me with some questions. You mention an interface connecting to the Internet but it is not the outside interface. Is there an outside interface that also connects to the Internet? You mention an interface to the 5505 but do not mention an inside interface. Is there an inside interface?

Will the connection between the 5520 and the 5505 be using public IP addresses or using private IP addressing?

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents