Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
2
Replies

VPN Ipsec routing

Go to solution
AQUALUNGAMERICA
Level 1
Level 1

‎01-23-2013 10:03 AM - edited ‎02-21-2020 06:39 PM

Morning,

     I have a Cisco 5520 ASA running 8.4(5). When using a VPN ipsec client, and it connects to the LAN, how does the connection interpret traffic on return. At present I have all my servers pointing to the gateway on our old firewall. I have a different gateway on the new Cisco Firewall. It is a transitionary phase as we will permanently have only one firewall the Cisco ASA 5520. For testing purposes, we want to test out the VPN client configuration with our Radius server before we cut over. The test users will need to connect to the resources on the corporate network. Will I need to put a route on the old firewall so when the VPN packets hit the servers they will know how to return to the VPN tunnel or will the source and destination address already be taken into account so when the VPN tunnel hits the server, the packets will return to the tunnel. The VPN Cisco client is not using NAT in its configuration. Once we feel the testing has passed, we will change the gateway of the Cisco ASA 5520 to match the existing gateway for all the resources on the network.

Advice or information would be greatly appreciated?

Thank you

Carlos

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎01-23-2013 10:22 PM

On the ASA you configure an IP-address-pool for the client. This pool should be alligned on subnet-borders. On your infrastructure (central L3-switch or your old firewall) you ace a staric route to the ASA for this pool-network. With that the VPN-answer-packets will flow back to the ASA.


Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎01-23-2013 10:22 PM

On the ASA you configure an IP-address-pool for the client. This pool should be alligned on subnet-borders. On your infrastructure (central L3-switch or your old firewall) you ace a staric route to the ASA for this pool-network. With that the VPN-answer-packets will flow back to the ASA.


Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
AQUALUNGAMERICA
Level 1
Level 1
In response to Karsten Iwen

‎01-24-2013 08:44 AM

Karsten,

     Appreciate it. Thank you.

0 Helpful
Customers Also Viewed These Support Documents