07-23-2015 08:44 AM
Trying to wedge an ASA into existing infrastructure. It will be behind an internet-facing router. Never tried to do this before and not 100% sure how to do this. There are other ports on the router that have to remain untouched/unaffected.
Internet --> x.x.x.x Router 192.168.2.1 --> 192.168.2.100 ASA 10.0.82.1 --> private network (10.0.82.x)
The router has a public IP of x.x.x.x. On the private side the router is configured as 192.168.2 and I've configured the ASA 192.168.2.100 as a DMZ address on the router. Used the ASDM wizard to set up an IPsec (IKEv1) connection profile. But when I try to connect from another machine using the VPN client it doesn't seem to "see" the ASA.
I don't suppose there exists a walkthrough out there somewhere for such a scenario?
07-23-2015 09:20 AM
First: The better way would be to redesign your setup and use the router as a pure "modem" which means the ASA has the public IP. That makes everything much easier.
If that's not an option, have you forwarded UDP/500 and UDP/4500 from the DSL-router to the ASA? That is needed to make the VPN work.
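An added example, not part of the replies in this thread: a Python helper for a bench test that classifies UDP payloads captured on the ASA's outside interface, to confirm that the forwarded UDP/500 and UDP/4500 traffic actually arrives (behind NAT, IKE starts on UDP/500 and moves to UDP/4500). The function names and sample packets are constructed for illustration; the header layout follows RFC 2408 and the UDP/4500 framing follows RFC 3948.

```python
import struct

# IKEv1 exchange types (RFC 2408 / RFC 2409)
EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
NON_ESP_MARKER = b"\x00\x00\x00\x00"        # RFC 3948: prefixes IKE on UDP/4500
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # 28-byte ISAKMP header


def classify(dst_port, payload):
    """Describe one UDP payload seen on the ASA outside interface."""
    if dst_port == 4500:
        if payload == b"\xff":
            return "NAT-T keepalive"
        if not payload.startswith(NON_ESP_MARKER):
            return "ESP-in-UDP (tunnel data)"
        payload = payload[4:]               # strip marker, ISAKMP header follows
    elif dst_port != 500:
        return "not IKE/NAT-T traffic"
    if len(payload) < ISAKMP_HDR.size:
        return "truncated IKE packet"
    _icookie, rcookie, _np, version, exch, _flags, _msgid, length = \
        ISAKMP_HDR.unpack_from(payload)
    if length != len(payload):
        return "IKE length field does not match payload"
    # An all-zero responder cookie means nobody has answered yet.
    role = "initiator's first packet" if rcookie == bytes(8) else "later packet"
    name = EXCHANGES.get(exch, f"exchange {exch}")
    return f"IKEv{version >> 4} {name}, {role}"


def sample_ike(exch, rcookie=bytes(8), body=b""):
    """Build a constructed ISAKMP packet for the demo (not captured traffic)."""
    total = ISAKMP_HDR.size + len(body)
    return ISAKMP_HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, exch, 0, 0, total) + body


if __name__ == "__main__":
    constructed = [
        (500, sample_ike(2)),                                        # first packet
        (4500, NON_ESP_MARKER + sample_ike(2, rcookie=b"\x22" * 8)),  # after float
        (4500, b"\xff"),
        (4500, b"\x12\x34\x56\x78" + bytes(20)),
    ]
    for port, data in constructed:
        print(f"udp/{port}: {classify(port, data)}")
```

If only "initiator's first packet" lines ever show up and nothing comes back, the forward reaches the ASA but the reply path or the ASA's IKE configuration is the next thing to check; if nothing shows up at all, the router is not forwarding.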
07-23-2015 10:04 AM
Changing the existing setup is not an option. For reasons beyond my control the other ports on the router must remain outside the ASA. I do have the ability to designate one port/address on the router as being in the DMZ (the ASA). That's it.
At the moment trying to replicate the setup on the bench and configure as much as I can before driving 4 hrs to deploy it. Not having much joy.