
ASA behind router configuration

sendalot7
Level 1

As per the attached diagram, ATM1 is my ISP modem/router that gives internet (WAN) to R1. R1 connects to an ASA for Remote SSL VPN.

R1 also connects to SW1, R2, R3, SW2 and rest of network.

 

Is it possible to set it up in a way where hosts connecting to the ASA remotely on SSL can act as if they are one of the hosts connected to devices off SW1?

 

Let's say I only have one public IP. 

Something along the lines of static NAT, etc.?

 

Thanks.

3 Replies

  1. Do you still need the router when you have the ASA? If you could replace the router with the ASA, the whole setup would be easier.
  2. If the router is still needed, I would connect the ASA's outside interface to a different router interface (or subinterface). The ASA's inside interface can be connected to your internal network. If you assign VPN addresses from the local subnet, you don't even need NAT on the ASA. The ASA needs a default route to the router in the ASA's outside network and a tunneled default route to the router's inside interface. On the router you have to forward UDP/443 and TCP/443 to the ASA's outside IP address.

So ASA has two connections to the router? One outside and inside interface?

> So ASA has two connections to the router? One outside and inside interface?

Yes, that's the reason the ASA's outside interface has to be in a different subnet, on a different interface on the router.
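
The layout described in the first reply, sketched as configuration. This is an added example, not part of the thread: interface names, addresses and the pool name are constructed placeholders, and R1 is assumed to run IOS NAT and to hold the single public IP on its WAN interface.

```cisco
! ---------- ASA ----------
! Outside interface: its own small subnet on a dedicated R1 interface
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.255.0.2 255.255.255.252
!
! Inside interface: the internal subnet used by the hosts off SW1
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.2 255.255.255.0
!
! Default route for the ASA's own (encrypted) traffic: R1 in the outside subnet
route outside 0.0.0.0 0.0.0.0 10.255.0.1
! Tunneled default route for decrypted VPN traffic: R1's inside interface
route inside 0.0.0.0 0.0.0.0 192.168.10.1 tunneled
!
! VPN addresses taken from the local subnet, so no NAT is needed on the ASA.
! Keep this range out of any DHCP scope on the same subnet.
ip local pool VPN-POOL 192.168.10.200-192.168.10.220 mask 255.255.255.0
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool VPN-POOL
!
! Terminate SSL VPN on the outside interface only
webvpn
 enable outside
!
! ---------- R1 (IOS) ----------
! WAN-facing interface (assumed Gi0/0)
interface GigabitEthernet0/0
 ip nat outside
!
! Dedicated interface towards the ASA outside subnet (assumed Gi0/2)
interface GigabitEthernet0/2
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
!
! Forward only TCP/443 and UDP/443 to the ASA's outside address
ip nat inside source static tcp 10.255.0.2 443 interface GigabitEthernet0/0 443
ip nat inside source static udp 10.255.0.2 443 interface GigabitEthernet0/0 443
```

Because the pool sits inside 192.168.10.0/24, remote clients appear to internal hosts as local addresses, so access rules written for that subnet apply to VPN users as well.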