
Remote User VPN across interfaces 5510

John Early
Level 1

I have a client that wants to segment their wireless network behind their ASA. We currently have a normal setup, 5510, 2 interfaces, outside, inside. On the inside network there are Cisco Wireless APs that allow for internal access to the network. We want to move the APs to a new interface on the ASA and only allow traffic between this new "Wireless" network and the internal network by using remote user VPN. So my question is, can you use remote user VPN from the new Wireless network to the inside network?

1 Reply

Nikhil Thakur
Cisco Employee

Hi John,

You should be able to achieve this by configuring the following:

  • A new interface (you could name it Wireless-network or something), configured the same way the outside and inside interfaces are. You could set the security level of this interface to a value less than 100.
  • Configuring Remote Access VPN and allowing the internal network in the split-tunnel ACL using the 'tunnelspecified' policy under group-policy attributes. Not to forget, enable VPN services (SSL or IPSec) on the newly created wireless interface.
  • Configuring static NAT for the source and destination network depending upon the code you're running on your device.
  • Enabling 'same-security-traffic permit intra-interface' in the global configuration mode.

Let me know if you've further questions.

HTH!

Regards,

Nick

P.S. If you find this post helpful, please rate it and mark it as 'Answered' if it answers your initial query.
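
The steps in the reply above, put together as one ASA configuration sketch. This is an added example, not part of the original post or Cisco's own configuration. It assumes ASA 8.4(2) or later syntax with AnyConnect SSL VPN; the interface number, addresses, object and policy names are constructed, and the AnyConnect package file name is a placeholder.

```cisco
! Constructed example: interface number, addresses and names are assumptions.
interface Ethernet0/2
 nameif wireless
 security-level 50
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! Address pool handed to VPN clients connecting from the wireless segment
ip local pool WIFI-VPN-POOL 192.168.50.10-192.168.50.100 mask 255.255.255.0
!
! Split tunnel: only the inside network is sent through the tunnel
access-list WIFI-SPLIT standard permit 192.168.1.0 255.255.255.0
!
group-policy WIFI-GP internal
group-policy WIFI-GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WIFI-SPLIT
!
tunnel-group WIFI-TG type remote-access
tunnel-group WIFI-TG general-attributes
 address-pool WIFI-VPN-POOL
 default-group-policy WIFI-GP
tunnel-group WIFI-TG webvpn-attributes
 group-alias WIFI enable
!
! Terminate SSL VPN on the wireless interface (package name is a placeholder)
webvpn
 enable wireless
 anyconnect image disk0:/<anyconnect-package>.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
! Identity NAT (8.3+ syntax) between the inside network and the VPN pool
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network WIFI-VPN-NET
 subnet 192.168.50.0 255.255.255.0
nat (inside,wireless) source static INSIDE-NET INSIDE-NET destination static WIFI-VPN-NET WIFI-VPN-NET no-proxy-arp route-lookup
!
! As listed in the reply
same-security-traffic permit intra-interface
```

With no access-list permitting wireless-to-inside traffic, the lower security level on the wireless interface keeps un-tunnelled clients out of the inside network by default. Decrypted VPN traffic bypasses interface ACLs by default (`sysopt connection permit-vpn`), so a `vpn-filter` under the group policy is the place to restrict what tunnelled users can reach.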
