Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

Remote Access VPN set up when ASA is not the Edge device

CSCO11722822
Level 1
Level 1

‎03-30-2017 10:08 AM

Hello,

I have the following configuration:

                                                                           (out)            (in)

ISP device  ----  tunnel provider dev --------------------  ASA  ------------------------- LAN

        (pub IP)    (Pub IP)             (Int IP)             (Int IP)    (LAN IP)       

The ISP router is connected to the Tunnel provider device they both use public IPs, Tunnel provider device is connected to the ASA they both use internal IPs from the provider, let say ASA interface OUTSIDE get and internal IP from the provider, the question is how can I set up Remote access VPN on the ASA if it is not the edge device I mean it has no Public IPs? Is it possible?

Thanks,

 

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎04-06-2017 06:43 AM

It is possible to do this and I have successfully configured ASA for Remote Access VPN when the ASA was inside the network (not the edge device) and the ASA has a private IP address on its outside interface. What is required for this to work is that the tunnel provider must have a static address translation so that some public IP is translated to the IP used on the ASA interface. Whether your tunnel provider is willing to do this (and therefore whether it is really possible for you to achieve this) is something you need to discuss with your tunnel provider.

HTH

Rick

HTH

Rick
0 Helpful

Kuat Bakenov
Level 1
Level 1

‎04-19-2017 09:54 AM

 change you network design.

0 Helpful
Customers Also Viewed These Support Documents