cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
496
Views
5
Helpful
2
Replies
Highlighted
Beginner

Allowing VPN out and back in ASA 5520

Here is the setup:

Outside Interface : 50.50.50.5

Inside Interface:  192.168.1.5

Wireless Interface:  192.168.2.5

The  wireless interface is used for guest access to the internet and it  cannot get to any internal servers or workstations.  For offiste  employees we are using Cisco VPN to remote in through the firewall.

Now  here is the question, a traveling person comes into the office,  connects to the wireless network (no LAN ports available) and then wants  to VPN in to do work.  Can that be allowed through ACL's to allow  traffic like that or would we be looking at using Cisco AnyConnect?  I  would not want to enable "globally" the ability for the Wireless range  to speak to the Inside interface, but only allow VPN access.  At first  blush I would imagine the ASA to not allow this, but trying to get some  clarification, thanks!

And if it can be done, I can see security implications so I am also looking for best practice info as well.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hello Mrjwilson,

5 stars to you

Thank you for sharing the solution, now please mark the question as answered so future users can learn from your problem.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

2 REPLIES 2
Highlighted
Beginner

Ok, so what we did is enable IPSEC (IKEv1) connection profiles on both the wireless interface and the outside interface.  That seems to have taken care of the vpn needs.

If anyone out there still sees an issue with best practice, let me know.

Highlighted

Hello Mrjwilson,

5 stars to you

Thank you for sharing the solution, now please mark the question as answered so future users can learn from your problem.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post