Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
5
Helpful
2
Replies

Allowing VPN out and back in ASA 5520

Go to solution
mrjwilson
Level 1
Level 1

‎09-18-2012 08:52 AM

Here is the setup:

Outside Interface : 50.50.50.5

Inside Interface:  192.168.1.5

Wireless Interface:  192.168.2.5

The  wireless interface is used for guest access to the internet and it  cannot get to any internal servers or workstations.  For offiste  employees we are using Cisco VPN to remote in through the firewall.

Now  here is the question, a traveling person comes into the office,  connects to the wireless network (no LAN ports available) and then wants  to VPN in to do work.  Can that be allowed through ACL's to allow  traffic like that or would we be looking at using Cisco AnyConnect?  I  would not want to enable "globally" the ability for the Wireless range  to speak to the Inside interface, but only allow VPN access.  At first  blush I would imagine the ASA to not allow this, but trying to get some  clarification, thanks!

And if it can be done, I can see security implications so I am also looking for best practice info as well.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mrjwilson

‎09-18-2012 10:12 AM

Hello Mrjwilson,

5 stars to you

Thank you for sharing the solution, now please mark the question as answered so future users can learn from your problem.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mrjwilson
Level 1
Level 1

‎09-18-2012 09:51 AM

Ok, so what we did is enable IPSEC (IKEv1) connection profiles on both the wireless interface and the outside interface.  That seems to have taken care of the vpn needs.

If anyone out there still sees an issue with best practice, let me know.

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mrjwilson

‎09-18-2012 10:12 AM

Hello Mrjwilson,

5 stars to you

Thank you for sharing the solution, now please mark the question as answered so future users can learn from your problem.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents