
Static to behind NAT - Hardware VPN connection

chris.l.evans
Level 1

I’m trying to configure a remote ASA that will create a VPN tunnel from behind a 3rd party firewall. I need to have a mobile work force able to connect without an outside IP access. Most locations will have guest network access but it will be on a VLAN with NAT. My hope is that the included image helps to convey what I’m trying to accomplish.

I’ve made lots of site to site VPNs and run a number of client VPNs. I’m just having a hard time making this connection.

VPN Config

My questions:

Can this be done with ASAs / Do I have the wrong devices for the job?

Do you know where I may find some enlightening documentation to help my endeavors?

Best Regards
-C

 

1 Reply

chris.l.evans
Level 1

You can use ASAs to make this kind of connection. However, you need UDP 500 & 4500 to not be explicitly blocked by the ISP, normally not an issue.

Here is some information on how to do it:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html

Side note: unlike a site-to-site VPN, you don't want to create an ACL on the Corporate ASA side. Also, if you use PFS (Perfect Forward Secrecy), be sure it matches. :)
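
A small check for the two points in the side note above, added here as an example and not code from the thread: it parses a corporate and a remote ASA configuration and reports a `match address` on the corporate dynamic map entry or a PFS group that differs between the two sides. The configurations, map names, ACL name and peer address are constructed placeholders.

```python
import re

# Constructed sample configs (not from the thread); all names are placeholders.
HUB_CFG = """\
crypto ipsec ikev1 transform-set TSET esp-aes-256 esp-sha-hmac
crypto dynamic-map DYN-MAP 10 set ikev1 transform-set TSET
crypto dynamic-map DYN-MAP 10 set pfs group14
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
"""
REMOTE_CFG = """\
crypto ipsec ikev1 transform-set TSET esp-aes-256 esp-sha-hmac
crypto map VPN-MAP 10 match address VPN-ACL
crypto map VPN-MAP 10 set peer 203.0.113.10
crypto map VPN-MAP 10 set ikev1 transform-set TSET
crypto map VPN-MAP 10 set pfs group5
crypto map VPN-MAP interface outside
"""

# Matches "crypto map NAME SEQ ..." and "crypto dynamic-map NAME SEQ ..."
LINE = re.compile(r"^crypto (dynamic-map|map) (\S+) (\d+) (.+)$", re.M)

def crypto_entries(cfg, kind):
    """Map (name, seq) -> {'acl': ..., 'pfs': ...} for entries of one kind."""
    out = {}
    for k, name, seq, rest in LINE.findall(cfg):
        if k != kind:
            continue
        entry = out.setdefault((name, seq), {"acl": None, "pfs": None})
        words = rest.split()
        if words[:2] == ["match", "address"] and len(words) > 2:
            entry["acl"] = words[2]
        elif words[:2] == ["set", "pfs"]:
            # Assumption: a bare "set pfs" is recorded as "default"
            entry["pfs"] = words[2] if len(words) > 2 else "default"
    return out

def check_pair(hub_cfg, remote_cfg):
    """Return findings for the corporate (hub) and remote configurations."""
    findings = []
    hub = crypto_entries(hub_cfg, "dynamic-map")
    for (name, seq), entry in hub.items():
        if entry["acl"]:
            findings.append(f"hub {name} {seq}: match address {entry['acl']} is set")
    hub_pfs = sorted({str(e["pfs"]) for e in hub.values()})
    for (name, seq), entry in crypto_entries(remote_cfg, "map").items():
        if str(entry["pfs"]) not in hub_pfs:
            findings.append(f"remote {name} {seq}: pfs {entry['pfs']} vs hub {hub_pfs}")
    return findings
```

With the sample input, `check_pair(HUB_CFG, REMOTE_CFG)` reports the group5/group14 mismatch; feed it the relevant lines of `show running-config crypto` from each device to check a real pair.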