Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
5
Helpful
2
Replies

ASA 5505 on the inside

larlid001
Level 1
Level 1

‎03-31-2016 02:58 AM

Hi!

| internet  <-> Cisco Router <-> ASA 5505 |

I have the above configuration and would like to forward only VPN traffic to my asa 5505

I made this statement in Cisco Router (Cisco 892):

ip nat inside source static udp 192.168.0.101 500 interface GigabitEthernet8 500

I’m hoping this line routes outside udp traffic on port 500 to ip address 192.168.0.101 on the inside (and back).

The reason i have the asa on the inside is because the cisco router has gigabit interfaces, while the asa only has fast ethernet interfaces, and I only need the ASA for remote access vpn clients.

My next problem I have is in the asa 5505 configuration, which is more of a guess. What I’m hoping for is remote VPN access for clients:

Some lines from my configuration:

Labels:
Preview file
34 KB
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎03-31-2016 03:11 AM

You also need to forward udp/4500 for your VPN to work.

And you should upgrade the ASA to the newest 8.2 interim release.

Or you could dump the ASA completely if it's only doing RA-VPN. The Cisco 892 is also capable of RA-VPNs.

larlid001
Level 1
Level 1
In response to Karsten Iwen

‎03-31-2016 04:18 AM

Thanks for the answer. I will try configuring both using only 892 and asa (not at the same time).

Thanks, Lars.

0 Helpful
Customers Also Viewed These Support Documents