12-05-2012 10:27 PM
Hello,
For my rescue team, I am looking at setting up a VPN using ASA 5505s so we can connect a mobile network of computers to our base network of computers. The base network has a static public IP address, but the mobile site will not. I was thinking of using a remote access VPN setup, but I am unsure if I can have a network of computers connecting in to the remote access VPN setup. Is anyone able to steer me in the right direction with the best setup for this situation?
Thank you very much.
12-05-2012 11:26 PM
Hi,
We have a few setups where we have a customer with a Head Office with an ASA firewall and they need to connect some remote locations easily to their Head Office and to be able to connect to the remote sites from Head Office also. The problem has usually been that the remote locations have dynamically changing public IP addresses, so L2L VPN is out of the question.
In those cases, if it's a small remote location, there's usually an ASA5505 acting as a Remote client (Hardware Client) and connecting to the Head Office network. It should work and connect to the Head Office as long as it gets the IP address with DHCP for its outside interface.
Here's a link to a document about configuring this between Cisco PIX and ASA
Or was it something else that you were looking for?
- Jouni
12-05-2012 11:43 PM
Nope. That is exactly what I was looking for. Thank you very much.
12-05-2012 11:48 PM
Hi,
OK
The document I linked probably isn't the most up-to-date one. You should be able to find some newer ones probably, but the above one was just to illustrate the setup.
Naturally you have to take into consideration that if you configure this kind of setup, the remote device can be connected anywhere and it will automatically connect to your own network. So in a sense it might be risky if it gets lost, though then again nothing is stopping you from removing the AAA information for that Hardware Client from your central device so it can't connect anymore.
Please rate if you found the information helpful
- Jouni
12-12-2012 11:47 PM
Hello,
Have been having a look at the link and some other pages. Am I correct in thinking that the vpnclient can only do IKEv1 (and hence up to SHA1 and DH7)? Is there a way of achieving this in a way that can support IKEv2?
Thank you very much.
Jack
12-13-2012 12:37 AM
Hi,
Sadly I can't comment on this without researching it myself.
I haven't even tried to configure ikev2.
To my understanding ASA software versions from 8.3 have ikev2 available, but as I said I haven't configured anything related to it yet myself.
- Jouni