Options
VPN and ASA
sendalot
Member Posts: 328
So for both personal use and 640-554 test,
Would a system including one IOS-operated Router and one ASA appliance allow me to build a VPN?
And connect it to it using Cisco Easy VPN client?
Thanks.
Would a system including one IOS-operated Router and one ASA appliance allow me to build a VPN?
And connect it to it using Cisco Easy VPN client?
Thanks.
Comments
-
OptionsRouteMyPacket Member Posts: 1,104If you have an ASA, that is all you need. You can built multiple VPN types with that alone, Site-to-Site, IPSec, SSL..Clientless VPN
Or you can configure a router for easy vpn...from a Security standpoint I would focus on ASA for Client VPNs and run through a few site-to-site VPN's with a IOS routerModularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
OptionsRouteMyPacket Member Posts: 1,104Sure as long as the other router support transparent or bridge mode. Generally the provider will provide you with an Ethernet hand off and we can plug that into our outside interface on our ASA.
Not sure which Routers from which ISP's support this feature. AT&T Uverse doesn't from what I know.Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Optionssendalot Member Posts: 328What if a Cisco IOS router gets a feed off U-Verse or Comcast and ASA off of IOS router?
-
OptionsRouteMyPacket Member Posts: 1,104Just google your router model from your ISP and see what you an do.
A workaround would be to assign one of your private IP's to the outside interface of the ASA, then come up with a new internal network and assign an address to the inside, nat that to the outside and your next hop for your "route outside" statement will be your ISP router
You can test VPN this wayModularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Optionssendalot Member Posts: 328By the way, I am using U-Verse 3800HGV-B modem as a WAN bridge connection.
-
OptionsRouteMyPacket Member Posts: 1,104By the way, I am using U-Verse 3800HGV-B modem as a WAN bridge connection.
That model does not support real bridging. You mean you selected the "Router-Behind-Router Detection"
How is that working for you?Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Optionssendalot Member Posts: 328I have another Western-Digital N600 home router. It is working, as in computers connected to the WD N600's wireless and wired are being able to connect to internet, etc. (An Ethernet port from 3800HGV-B is feeding "WAN/Internet" port in my N600).
Now I'm trying to put Cisco router behind it as well.
(A lot of people did complain that AT&T tech support acting as morons who do not support "bridge" function, but you can work around it). -
OptionsRouteMyPacket Member Posts: 1,104I have another Western-Digital N600 home router. It is working, as in computers connected to the WD N600's wireless and wired are being able to connect to internet, etc. (An Ethernet port from 3800HGV-B is feeding "WAN/Internet" port in my N600).
Now I'm trying to put Cisco router behind it as well.
(A lot of people did complain that AT&T tech support acting as morons who do not support "bridge" function, but you can work around it).
Ok, yeah as long as you have another Router that supports WIFI you're cool..for me I usually NAT because i'm too lazy to go buy another AP
Cheers
Let me know if you need any help through your NA Security runModularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Optionssendalot Member Posts: 328Now I'm trying to get a feed from the 3800HGV-B to a Cisco IOS router.
Would this require a lot of work? Do I need to set a static route from the Cisco to the default gateway of the 3800HGV-B? or the ip address of the IOS router's port?
Thanks. -
OptionsRouteMyPacket Member Posts: 1,104Your terminology is off, what is a "feed"?
You mean you are tying to get connectivity to the Internet through the AT&T router? Not sure how the AT&T "bridge" really works.
Try setting your default route to the next hop, should be your AT&T router right?Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Optionssendalot Member Posts: 328You are correct! Trying to get(feed!) connectivity to the Internet through the AT&T router. Default route then is "ip route 0.0.0.0 0.0.0.0 U-Verse RT's ip?"
Thanks. -
Optionsmistabrumley89 Member Posts: 356 ■■■□□□□□□□You can setup your default route to send traffic out of the interface if you don't know the IP.Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
LinkedIn: www.linkedin.com/in/charlesbrumley -
Optionssendalot Member Posts: 328Hello from my own Cisco Network!! Thanks for all the help ya'll!!!!
-
Optionscmitchell_00 Member Posts: 251 ■■■□□□□□□□Do you have a current diagram setup? I have my ISP serving as the WAN but, I have a ASA 5505 series doing everything else i.e. DHCP, VPN for testing etc... Food for thought.
-
Optionssendalot Member Posts: 328What do you mean by "current diagram?" Are you using ASA as a router?
-
Optionscmitchell_00 Member Posts: 251 ■■■□□□□□□□Yes that is correct of how it was setup etc... However, you have resolved your issue now.