cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
418
Views
0
Helpful
1
Replies
Highlighted
Beginner

How to route from Internet router to Intenal LAN through ASA firewall

Dear all experts,

        I used the GRE tunnel site to site VPN with 2 cisco 1841 routers. Behind one of the router R1, I used cisco ASA 5510, now my vpn is connect between two routers, but from R2 other site cannot access to LAN behind the firewall. From R1, also cannot route to local network, from local network can access to R1, I think cause of NAT . So how to configure to route internal network from R1 & R2 with VPN.

      This is scenario :

(( LAN )) ---> [ ASA ] ----> { R1 } ==== GRE Tunnel ===== { R2 } <------- VoIP

|

|

\/

Call Manager (cisco 2851) -----------> PSTN

>>>>>>>>>>>>>>>>>>>>

ASA is not support GRE tunnel and we want to use VoIP phone from R2 site to R1 site  over GRE tunnel . Please advise me how should I do. Thanks

1 REPLY 1
Highlighted
Beginner

Hi Nyein,

If the local lan's default gateway is ASA and ASA's default gateway is R1 then following configuration is required:-

pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#inspect pptp
pixfirewall(config-pmap-c)#inspect sip

"inspect pptp" is for GRE traffic and "inspect sip" is for voip traffic.

Hope this helps.

Regards,

Parminder Sian