
Client access VPN

rituporna111
Level 1

Hi Team,

I have a query regarding configuring remote client VPN.

The scenario is that we have an ASA firewall connected to two Cisco routers (R1 and R2) with different security zones.

From the ASA to R1 a default route has been configured for internet users, and towards R2 a static route is configured.

Now the requirement is that we need to set up client access VPN on R2, to where the static route is configured.

I think we can't configure 2 default routes from a single ASA.

If we configure client VPN on R1 default routes (to where the default route is configured from the ASA), we need to give 2 default routes for 2 different ISPs. Is it possible?

Thanks and Regards,

Rituporna Sarma

3 Replies

Philip D'Ath
VIP Alumni

I'm struggling to visualise the issue.  Can you add a diagram?

Hi Dath,

My network diagram is attached with this mail.

There are 4 routers: R1, R2, R3 and R4.

R1 and R2 we are using mainly for Intranet traffic and R2 and R3 for internet traffic.

In all routers 1 default route is configured for individual ISP.

Behind R1 and R2 (Intranet) the ASA is configured, and behind R3 and R4 (Internet) a Fortinet firewall is configured.

Behind the ASA the server segment is situated.

The ASA and Fortinet firewall are directly connected.

There is a default route from the ASA to the Fortinet.

Static route from ASA to R1 and ASA to R2.

A default route is configured from the Fortinet to R3, and currently R4 is not in use.

On R3 we are already using one site-to-site VPN, which is used for accessing servers behind the ASA.

The requirement is to configure client VPN to access servers behind the ASA.

Which device is suitable for this requirement?

Kindly let me know any more requirements you need to know.

Please 

Thanks and Regards,

Rituporna Sarma

You can terminate the client VPN connections on either R3, since it is already configured to do crypto, or you could terminate the VPN connections on the ASA.

The nicest solution is to use AnyConnect to the ASA, but this does require an AnyConnect licence.
