cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
474
Views
0
Helpful
4
Replies

asa-vpn

Kiko9
Beginner
Beginner
hello,
I have two questions
 
is it possible to permanently connect a vpn connection between two cisco asa5508s and who knows how to connect to one network from outside?
 
is a router needed before asa5508? or it can be connection-for example (modem-asa5508-switch-wifi .......)
4 Replies 4

Rob Ingram
VIP Expert VIP Expert
VIP Expert

@Kiko9 yes you can setup an always up tunnel. If running ASA version 9.7 or newer you can use a VTI, which will always be up. Alternatively if use a crypto map you need to regularly generate traffic to keep the tunnel up.

 

If the ASA is behind a modem/router you need to port forward/nat udp/500 and udp/4500 to the ASAs outside interface.

Thank you for your response

so asa has a wan port and can change the ip address (NAT)?
 
is the big difference between asa5508-k8 and asa5508-k9?

@Kiko9 any ASA interface can be configured as an outside interface (WAN) and can NAT.

 

The difference between K8 and K9 is the K9 supports stronger encryption.

https://learningnetwork.cisco.com/s/question/0D53i00000Kt3Kl/difference-between-cisco-k8-and-k9-images

 

thanks for the explanation

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers