Category Archives: Cisco ASA Firewall

Cisco ASA Remote Access VPN Configuration CLI – Anyconnect

By | October 21, 2020

We configure a remote access VPN using the topology below. We use one router to create a LAN (behind the ASA firewall), a second router to create the ISP environment, and one Windows PC. There is no need to install the AnyConnect software on the PC in advance. It can be downloaded from the ASA by accessing the… Read More »

Cisco ASA Hairpinning Configuration – Anyconnect

By | October 21, 2020

When users want to connect to the corporate LAN as well as the internet, we have two options: split tunneling and hairpinning. With split tunneling, the user connects to the corporate LAN through the ASA and to the internet directly. With hairpinning, the user will access the… Read More »

Cisco ASA Trunk Configuration

By | October 21, 2020

We will configure trunking on the Cisco ASA and then allow the LAN (the inside networks behind the firewall) to access the internet (8.8.8.8 & 4.4.4.4). Below is the topology.

    R1(LAN-1)——|
               |—-L2-Switch—ASA—ISP(R3)–Internet(R4)(8.8.8.8 & 4.4.4.4)
    R2(LAN-2)——|

ASA

    int g0/0
    no shut
    int g0/0.10
    vlan 10
    nameif inside-1
    security-level 80
    ip add 10.10.10.254 255.255.255.0

    int g0/0.20
    vlan 20
    nameif inside-2
    security-level 90
    ip add 20.20.20.254 255.255.255.0

… Read More »

Cisco ASA Site To Site VPN ( Ike1 ) Hub And Spoke Configuration Example – Dynamic Peer and Spoke To Spoke Communication

By | October 21, 2020

First, we will configure a site-to-site VPN using IKE1 with a dynamic peer, and after that we will establish spoke-to-spoke communication. Below is the topology:

    PC1—–(G0/0)ASA-1(G0/1)——-ISP——-(G0/1)ASA-3(G0/0)——PC3
                               |
                               ———-(G0/1)ASA-2(G0/0)——PC2

This scenario is useful when multiple sites are connected to the headend and these sites get their public IP addresses dynamically from the ISP. Hence,… Read More »

ASA Site To Site VPN IKE 1 ( Dynamic Peer) Configuration Example

By | October 21, 2020

    PC1——(G0/0)ASA-1(G0/1)——R1(ISP)——-(G0/0)ASA-2(G0/1)—PC2

The configuration below was tested in a virtual lab and works fine.

ISP (R1)

    interface FastEthernet0/0
    ip address 199.1.1.1 255.255.255.252
    no shut
    !
    interface Ethernet1/0
    ip address 55.1.1.1 255.255.255.252
    no shut

ASA-1

    interface GigabitEthernet0/0
    nameif inside
    security-level 100
    ip address 10.10.10.254 255.255.255.0
    no shut
    !
    interface GigabitEthernet0/1
    nameif outside
    security-level 0
    ip address 199.1.1.2 255.255.255.252
    no shut

    route outside 0.0.0.0 0.0.0.0 199.1.1.1 1

    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication… Read More »