Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
1
Replies

Remote VPN to connect (other locations) Internal Servers which are hosted over MPLS

Mohammed Yaseen Ansari
Level 1
Level 1

‎05-03-2015 08:44 PM

Dear Team,

I have an issue regarding Remote VPN. Users would like to connect to one of our server which is in another country using Existing Remote VPN. Server is reachable via MPLS. Remote VPN configured on Cisco ASA 5505.

What are all changes required here?

Attached connectivity diagram.

Regards,

Yaseen

Labels:
Preview file
3 KB
0 Helpful
1 Reply 1

rizwanr74
Level 7
Level 7

‎05-04-2015 06:36 AM

Hello Br. Mohammed,

 

what you need to enable on your ASA are:

  1) An nat-exemption for the server IP-address or subnet belong to server that residing in another country i.e. nat-exemption between inside to outside interface of your ASA.

  2) If you have enable split-tunnel, then be sure add the remote-MPLS's subnet in the split-tunnel ACL.

  3) Advertise remote-access-users' vpn-dhcp pool address on site MPLS-router wherever your ASA is located, so that other MPLS sites would know where to send that traffic is back.

  4)  Last but not least be sure to add a static route on your ASA to push remote-MPLS's subnet to inside address on your routing device a switch or router.

   

Hope that helps.

Thanks

Rizwan Rafeek.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents