Installing an ASA on a production network.....help!
tomset
Member Posts: 79
I have an ASA 5505 that I use on my home network so I'm fairly familiar with how to configure them. But now I'm tasked with installing one here at work on our production network. I feel pretty comfortable with the task with the exception of one thing.........remote access VPN.
I've got a couple of questions that have been rolling around in my head:
- When users VPN into the firewall from the internet and they're assigned an IP from the predefined pool, does the ASA consider those VPN users as residing on the outside interface or the inside interface?
- How do I allow VPN users (10.5.5.0/24) to access the ASDM directly (10.2.2.254)?
- What do I need to do to allow VPN users (10.5.5.0/24) full access to the inside network (10.2.2.0/24)?
- More specifically, what do I need to do to allow VPN users full access to the Windows Server 2003 domain (file sharing, network share access, etc.)?
Any help on these topics would be greatly appreciated!!
Next up:
CCIP
Comments
dtlokee
Member Posts: 2,378

tomset wrote:
> I have an ASA 5505 that I use on my home network so I'm fairly familiar with how to configure them. But now I'm tasked with installing one here at work on our production network. I feel pretty comfortable with the task with the exception of one thing.........remote access VPN.
> I've got a couple of questions that have been rolling around in my head:
> - When users VPN into the firewall from the internet and they're assigned an IP from the predefined pool, does the ASA consider those VPN users as residing on the outside interface or the inside interface?

They will be on the outside and a static route will be added to the routing table when they connect.

tomset wrote:
> - How do I allow VPN users (10.5.5.0/24) to access the ASDM directly (10.2.2.254)?

management-access inside
http 10.5.5.0 255.255.255.0 inside
(assuming your inside interface is named "inside")

tomset wrote:
> - What do I need to do to allow VPN users (10.5.5.0/24) full access to the inside network (10.2.2.0/24)?

tomset wrote:
> - More specifically, what do I need to do to allow VPN users full access to the Windows Server 2003 domain (file sharing, network share access, etc.)?

Again, if nat-control is off, nothing except a route to the destination network.

tomset wrote:
> Any help on these topics would be greatly appreciated!!

The only easy day was yesterday!
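
Added example, not part of either post: a small Python check that reads an ASA running-config and reports which of the pieces named in the reply above are missing for the VPN pool. It goes one step beyond the reply by also covering the case where `nat-control` is on, and it assumes pre-8.3 syntax (`management-access`, `http`, `nat (inside) 0 access-list`); the sample config and the ACL name `NONAT` are constructed.

```python
import ipaddress
import re

def covers(target, addr, mask):
    """True if the ASA 'addr mask' pair names a network that contains target."""
    try:
        return target.subnet_of(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    except ValueError:  # 'host', 'any' or object names: not handled in this sketch
        return False

def audit_vpn_access(config, pool, inside, ifname="inside"):
    """List what is missing for VPN-pool clients to reach ASDM and the inside net."""
    pool, inside = ipaddress.ip_network(pool), ipaddress.ip_network(inside)
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    intf = re.escape(ifname)
    findings = []

    # ASDM through the tunnel: management-access plus an http permit for the pool.
    if f"management-access {ifname}" not in lines:
        findings.append(f"missing 'management-access {ifname}'")
    http = (re.fullmatch(rf"http (\S+) (\S+) {intf}", l) for l in lines)
    if not any(m and covers(pool, m[1], m[2]) for m in http):
        findings.append(f"no 'http' entry on {ifname} covers {pool}")

    # With nat-control enabled, inside -> pool traffic also needs a NAT exemption.
    if "nat-control" in lines:
        exempt_acls = {m[1] for l in lines
                       if (m := re.fullmatch(rf"nat \({intf}\) 0 access-list (\S+)", l))}
        ace = r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)"
        aces = (re.fullmatch(ace, l) for l in lines)
        if not any(m and m[1] in exempt_acls and covers(inside, m[2], m[3])
                   and covers(pool, m[4], m[5]) for m in aces):
            findings.append(f"nat-control is on but no NAT exemption for {inside} -> {pool}")
    return findings

# Constructed running-config fragment (not from the thread); NONAT is an assumed name.
SAMPLE = """
nat-control
http server enable
http 10.2.2.0 255.255.255.0 inside
management-access inside
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""

if __name__ == "__main__":
    for finding in audit_vpn_access(SAMPLE, "10.5.5.0/24", "10.2.2.0/24"):
        print(finding)
```
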