01-15-2013 07:56 AM
Hello,
We have site A with ASA 520, connected to internet with public IP, and site B connected to internet with private IP, because internet connection is shared with other companies in the building (we can't modify internet access point).
We would like to install another ASA 520 in site B, behind the private IP, and create a VPN IPSec between both site.
Is it possible to initiate a VPN site-to-site IPSec tunnel between an ASA with private IP and another with public IP ?
Thanks very much
Francisco
01-15-2013 08:45 AM
Hi,
One option that might be better suited for your situation would be to use EasyVPN / Hardware VPN Client.
In this case the site which cant use a Static Public IP address would act as a VPN Client. The actual ASA would connect to the central ASA with a VPN connection as long as it had some sort of Internet connectivity. (even through a shared public PAT IP address).
Therefore you could connect the 2 sites.
Here are some link for reference (both Cisco and Non Cisco)
ASA to PIX Server-Client setup (Cisco Document)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805c5ad9.shtml
ASA5510 and ASA5505 Server-Client setup (Non Cisco)
http://www.petenetlive.com/KB/Article/0000337.htm
- Jouni
01-16-2013 12:52 AM
Thanks very much Jouni
01-15-2013 09:40 AM
Just to add on Jounis answer (that is probably the best/easiest solution):
1) This setup with the hardware-client only works with the 5505, you can't use an ASA 5520 on the branch with the private IP for that. But the 5505 will probably be enough.
2) For your original question: Yes, it would also work with a traditional VPN-setup, but only the branch can initiate the connection.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
01-16-2013 12:53 AM
Hi Karsten,
Thanks for this note
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide