03-30-2017 10:08 AM
Hello,
I have the following configuration:
(out) (in)
ISP device ---- tunnel provider dev -------------------- ASA ------------------------- LAN
(pub IP) (Pub IP) (Int IP) (Int IP) (LAN IP)
The ISP router is connected to the Tunnel provider device they both use public IPs, Tunnel provider device is connected to the ASA they both use internal IPs from the provider, let say ASA interface OUTSIDE get and internal IP from the provider, the question is how can I set up Remote access VPN on the ASA if it is not the edge device I mean it has no Public IPs? Is it possible?
Thanks,
04-06-2017 06:43 AM
It is possible to do this and I have successfully configured ASA for Remote Access VPN when the ASA was inside the network (not the edge device) and the ASA has a private IP address on its outside interface. What is required for this to work is that the tunnel provider must have a static address translation so that some public IP is translated to the IP used on the ASA interface. Whether your tunnel provider is willing to do this (and therefore whether it is really possible for you to achieve this) is something you need to discuss with your tunnel provider.
HTH
Rick
04-19-2017 09:54 AM
change you network design.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide