VPN and ASA

sendalot Member Posts: 328
So for both personal use and 640-554 test,

Would a system including one IOS-operated Router and one ASA appliance allow me to build a VPN?

And connect it to it using Cisco Easy VPN client?

Thanks.

Comments

  • RouteMyPacket Member Posts: 1,104
    If you have an ASA, that is all you need. You can build multiple VPN types with that alone: Site-to-Site, IPSec, SSL, Clientless VPN.

    Or you can configure a router for Easy VPN... from a security standpoint I would focus on ASA for client VPNs and run through a few site-to-site VPNs with an IOS router.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • sendalot Member Posts: 328
    Like a Cisco ASA behind any ghetto Router would work?
  • RouteMyPacket Member Posts: 1,104
    Sure, as long as the other router supports transparent or bridge mode. Generally the provider will provide you with an Ethernet hand-off and we can plug that into our outside interface on our ASA.

    Not sure which routers from which ISPs support this feature. AT&T U-verse doesn't, from what I know.
  • sendalot Member Posts: 328
    What if a Cisco IOS router gets a feed off U-Verse or Comcast and ASA off of IOS router?
  • RouteMyPacket Member Posts: 1,104
    Just google your router model from your ISP and see what you can do.

    A workaround would be to assign one of your private IPs to the outside interface of the ASA, then come up with a new internal network and assign an address to the inside, NAT that to the outside, and your next hop for your "route outside" statement will be your ISP router.

    You can test VPN this way :)
  • sendalot Member Posts: 328
    By the way, I am using U-Verse 3800HGV-B modem as a WAN bridge connection.
  • RouteMyPacket Member Posts: 1,104
    sendalot wrote: »
    By the way, I am using U-Verse 3800HGV-B modem as a WAN bridge connection.

    That model does not support real bridging. You mean you selected the "Router-Behind-Router Detection"?

    How is that working for you?
  • sendalot Member Posts: 328
    I have another Western-Digital N600 home router. It is working, as in computers connected to the WD N600's wireless and wired are able to connect to the internet, etc. (An Ethernet port from 3800HGV-B is feeding the "WAN/Internet" port in my N600).

    Now I'm trying to put Cisco router behind it as well.

    (A lot of people did complain that AT&T tech support acting as morons who do not support "bridge" function, but you can work around it).
  • RouteMyPacket Member Posts: 1,104
    sendalot wrote: »
    I have another Western-Digital N600 home router. It is working, as in computers connected to the WD N600's wireless and wired are able to connect to the internet, etc. (An Ethernet port from 3800HGV-B is feeding the "WAN/Internet" port in my N600).

    Now I'm trying to put Cisco router behind it as well.

    (A lot of people did complain that AT&T tech support acting as morons who do not support "bridge" function, but you can work around it).

    Ok, yeah, as long as you have another router that supports WiFi you're cool... for me, I usually NAT because I'm too lazy to go buy another AP.

    Cheers

    Let me know if you need any help through your NA Security run
  • sendalot Member Posts: 328
    Now I'm trying to get a feed from the 3800HGV-B to a Cisco IOS router.

    Would this require a lot of work? Do I need to set a static route from the Cisco to the default gateway of the 3800HGV-B? or the ip address of the IOS router's port?

    Thanks.
  • RouteMyPacket Member Posts: 1,104
    Your terminology is off, what is a "feed"?

    You mean you are trying to get connectivity to the Internet through the AT&T router? Not sure how the AT&T "bridge" really works.

    Try setting your default route to the next hop, should be your AT&T router right?
  • sendalot Member Posts: 328
    You are correct! Trying to get (feed!) connectivity to the Internet through the AT&T router. Default route then is "ip route 0.0.0.0 0.0.0.0 U-Verse RT's ip?"

    Thanks.
  • mistabrumley89 Member Posts: 356
    You can set up your default route to send traffic out of the interface if you don't know the IP.
    Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
    LinkedIn: www.linkedin.com/in/charlesbrumley
  • sendalot Member Posts: 328
    Hello from my own Cisco Network!! Thanks for all the help, y'all!!!!
  • cmitchell_00 Member Posts: 251
    Do you have a current diagram setup? I have my ISP serving as the WAN, but I have an ASA 5505 series doing everything else, i.e. DHCP, VPN for testing, etc... Food for thought.
  • sendalot Member Posts: 328
    What do you mean by "current diagram?" Are you using ASA as a router?
  • cmitchell_00 Member Posts: 251
    Yes, that is correct, that is how it was set up, etc... However, you have resolved your issue now.
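
Added example, not part of any post in this thread: a configuration sketch of the lab workaround RouteMyPacket describes (ASA outside interface on the ISP router's private LAN, a new inside network, NAT, default route to the ISP router), followed by the two IOS default-route forms discussed later. It assumes an ASA 5505 running 8.3+ NAT syntax; every address and interface number is a constructed placeholder.

```cisco
! ===== ASA 5505 (8.3+ syntax) behind the ISP router =====
! Placeholders (not from the thread):
!   192.168.1.0/24  = ISP router's private LAN
!   192.168.1.254   = ISP router (next hop)
!   10.10.10.0/24   = new inside network behind the ASA
interface Ethernet0/0
 switchport access vlan 2
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.2 255.255.255.0
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! PAT the inside network to the outside interface address
object network INSIDE-NET
 subnet 10.10.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! "route outside" next hop is the ISP router
route outside 0.0.0.0 0.0.0.0 192.168.1.254

! ===== IOS router: default route toward the ISP router =====
! Next-hop form (use when the gateway address is known):
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
! Exit-interface form (placeholder interface name). On Ethernet the
! router ARPs for every destination, so this only works if the
! upstream device answers proxy ARP:
! ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
```

In this double-NAT layout a VPN client on the ISP router's LAN can reach the ASA's outside address directly, which is enough for lab testing. Clients coming from the Internet reach it only if the ISP router forwards the VPN ports (UDP 500/4500 for IPsec, TCP 443 for SSL) to that address.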