Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
0
Helpful
4
Replies

asa-vpn

Kiko9
Level 1
Level 1

‎01-23-2022 06:46 AM

hello,
I have two questions
 
is it possible to permanently connect a vpn connection between two cisco asa5508s and who knows how to connect to one network from outside?
 
is a router needed before asa5508? or it can be connection-for example (modem-asa5508-switch-wifi .......)
Labels:
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎01-23-2022 06:52 AM

@Kiko9 yes you can setup an always up tunnel. If running ASA version 9.7 or newer you can use a VTI, which will always be up. Alternatively if use a crypto map you need to regularly generate traffic to keep the tunnel up.

 

If the ASA is behind a modem/router you need to port forward/nat udp/500 and udp/4500 to the ASAs outside interface.

0 Helpful

Kiko9
Level 1
Level 1
In response to Rob Ingram

‎01-23-2022 11:50 PM

Thank you for your response

so asa has a wan port and can change the ip address (NAT)?
 
is the big difference between asa5508-k8 and asa5508-k9?
0 Helpful

Rob Ingram
VIP
VIP
In response to Kiko9

‎01-24-2022 12:21 AM

@Kiko9 any ASA interface can be configured as an outside interface (WAN) and can NAT.

 

The difference between K8 and K9 is the K9 supports stronger encryption.

https://learningnetwork.cisco.com/s/question/0D53i00000Kt3Kl/difference-between-cisco-k8-and-k9-images

 

0 Helpful

Kiko9
Level 1
Level 1
In response to Rob Ingram

‎01-24-2022 03:51 AM

thanks for the explanation

0 Helpful
Customers Also Viewed These Support Documents