Re: VPN Advice

rustamovea · ‎05-28-2011

I need an advice with my vpn design.

I have two cisco ASA 5505 devices and two cisco switches plugged to ASAs in each office. I need to create a VPN tunnel between two offices.

Network behind the ASA1 in office1 is 192.168.1.0/24 with DHCP server – 192.168.1.10

Networks behind the ASA2 in office2 are 192.168.5.0/25; 192.168.5.128/26 and 192.168.5.192/26

All computers in office2 need to get IPs from DHCP server 192.168.1.10. I have switch in office2 with 3 VLANS and I can assign computers from different subnets to different VLANs.

How can I archive this goal? Should I assign 3 IPs for ASA2 inside interface (192.168.5.1, ...5.129, ...5.193) as a default gateways for each subnet? Should I put dhcp helper address 192.168.1.10 on the switch for each VLAN?

rustamovea · ‎05-31-2011

Any suggestion?

Suresh Varghese · ‎05-31-2011

hi,

the first thing is your DHCP server is on a different subnet in office 1.

Secondly you can configure dhcpd command and make the ASA to work as a dhcp server.

What i would suggest is to create dhcpd commands on both ASA where the second office ASA will carry 3 different dhcpd configs which will automatically assign IP to their respective clients.

dhcpd dns XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX

dhcpd ping_timeout 100

dhcpd address XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX inside

dhcpd enable inside

once you have achieved that part then create a tunnel between the 2 ASA and assign appropriate ACls for connectivity.

Thanks

rustamovea · ‎05-31-2011

Then I need 3 different default gateways for each subnet.

How can I assign 3 different IPs for inside interface of the cisco ASA? I use asa 5505 base license.

Thanks,

Suresh Varghese · ‎05-31-2011

Maybe u could try creating a seperate or one more vlan on the switch with 2-3 ports and assign vlan X to it. This will act as a trunk port.

on the ASA create the vlan X and that will server as your gateway. Connect your ASA to the vlan X.