09-03-2014 07:49 AM
Hi
Does anybody know if a remote access VPN (ASA) behind another firewall with NAT (Checkpoint) works fine?
I need to configure an SSL remote access VPN on an ASA 5512-X, but the ASA is in a DMZ of a Checkpoint firewall that has the public IP and the internet connection.
Thanks.
Andres
09-03-2014 09:03 AM
Yes. I've used ASA remote access SSL VPN when the ASA outside interface is behind another firewall that is NATting the address. As long as the second firewall is allowing tcp/443 (SSL, assuming a default setup) it works fine.
For an IPsec VPN a few more ports are required (udp/500 and 4500 typically).
09-04-2014 12:25 AM
Hi Andres,
There shouldn't be any issue with your scenario. If you have the proper routing, flows and NAT in place to allow the VPN traversal, it will work. We have deployed many setups like this, but I have not yet tried with a Check Point FW.
NAT on Check point FW --- say 1.1.1.1 NATed to Outside Interface of ASA 172.16.0.1
Flow : 443 to 1.1.1.1/172.16.0.1 from any or specific range of public stack.
Routing needs to be there.....
Regards
Karthik
09-03-2014 03:24 PM
Thanks Marvin, I will test in my environment.