|
|
|
|
|
|
|
Posted by Tim Roelands on October 26, 2008, 12:44 pm
Please log in for more thread options
Hi,
I'm a kind of a Cisco newbie and like to see some questions answered I do
not understand...
Situation;
Using an Linksys router controlling my internetconnection (static IP).
Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
setup a VPN remote connection is it required to forward some kind of port
(NAT) in my Linksys to reach the Cisco when trying to connect from the
internet with a VPN client? I'm doubt the software can reach the Cisco for
authentication because it is blocked by my Linksys. On the other hand, I do
need my Linksys to setup my internet connection...If anyone can help, would
be great!
|
|
Posted by Doug McIntyre on October 26, 2008, 1:17 pm
Please log in for more thread options
>I'm a kind of a Cisco newbie and like to see some questions answered I do
>not understand...
>Situation;
>Using an Linksys router controlling my internetconnection (static IP).
>Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
>setup a VPN remote connection is it required to forward some kind of port
>(NAT) in my Linksys to reach the Cisco when trying to connect from the
>internet with a VPN client? I'm doubt the software can reach the Cisco for
>authentication because it is blocked by my Linksys. On the other hand, I do
>need my Linksys to setup my internet connection...If anyone can help, would
>be great!
Having your linksys up ahead of the ASA really limits the ASA, as
you're going to be duplicating everything inbound on the Linksys, and
then the ASA. Certain things will also be broken.
I'd investigate options to remove the Linksys device, whatever it may
be (you don't detail what it actually is, Linksys makes a few
different types of routers), or to bypass its NAT functions somehow
with your upstream (ie. buying more routed IPs, etc).
If its possibly, you'd need to have the linksys router forward all
IPSec protocol packets (not just ports, but actually protocol) as well
as UDP port 500. Also, your VPN option will need to have NAT-T turned
on on both sides (ie. server and client).
|
|
Posted by Tim Roelands on October 26, 2008, 2:14 pm
Please log in for more thread options
>>I'm a kind of a Cisco newbie and like to see some questions answered I do
>>not understand...
>>Situation;
>>Using an Linksys router controlling my internetconnection (static IP).
>>Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
>>setup a VPN remote connection is it required to forward some kind of port
>>(NAT) in my Linksys to reach the Cisco when trying to connect from the
>>internet with a VPN client? I'm doubt the software can reach the Cisco for
>>authentication because it is blocked by my Linksys. On the other hand, I
>>do
>>need my Linksys to setup my internet connection...If anyone can help,
>>would
>>be great!
> Having your linksys up ahead of the ASA really limits the ASA, as
> you're going to be duplicating everything inbound on the Linksys, and
> then the ASA. Certain things will also be broken.
> I'd investigate options to remove the Linksys device, whatever it may
> be (you don't detail what it actually is, Linksys makes a few
> different types of routers), or to bypass its NAT functions somehow
> with your upstream (ie. buying more routed IPs, etc).
> If its possibly, you'd need to have the linksys router forward all
> IPSec protocol packets (not just ports, but actually protocol) as well
> as UDP port 500. Also, your VPN option will need to have NAT-T turned
> on on both sides (ie. server and client).
Well...that makes it more complex then I expected..... :(....My linksys is
an RV042 and my ISP provides routed subnet internet, so I got more then one
static public IP addresses.
I found out that port 0 on my Cisco manages the outside area, so the
internet side. Would be create if I could use port 0 to connect direct to my
routed subnet modem, but I can't....the Linksys must be installed between,
else there is no go...
Can you give me an advice about using a good router witch can handle routed
subnet internet with an straight throughput, not interfairing with my Cisco?
|
|
Posted by Andrew Hodgson on October 26, 2008, 2:31 pm
Please log in for more thread options wrote:
>>>I'm a kind of a Cisco newbie and like to see some questions answered I do
>>>not understand...
>>
>>>Situation;
>>
>>>Using an Linksys router controlling my internetconnection (static IP).
>>>Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
>>>setup a VPN remote connection is it required to forward some kind of port
>>>(NAT) in my Linksys to reach the Cisco when trying to connect from the
>>>internet with a VPN client? I'm doubt the software can reach the Cisco for
>>>authentication because it is blocked by my Linksys. On the other hand, I
>>>do
>>>need my Linksys to setup my internet connection...If anyone can help,
>>>would
>>>be great!
>>
>>
>> Having your linksys up ahead of the ASA really limits the ASA, as
>> you're going to be duplicating everything inbound on the Linksys, and
>> then the ASA. Certain things will also be broken.
>>
>> I'd investigate options to remove the Linksys device, whatever it may
>> be (you don't detail what it actually is, Linksys makes a few
>> different types of routers), or to bypass its NAT functions somehow
>> with your upstream (ie. buying more routed IPs, etc).
>>
>> If its possibly, you'd need to have the linksys router forward all
>> IPSec protocol packets (not just ports, but actually protocol) as well
>> as UDP port 500. Also, your VPN option will need to have NAT-T turned
>> on on both sides (ie. server and client).
>>
>Well...that makes it more complex then I expected..... :(....My linksys is
>an RV042 and my ISP provides routed subnet internet, so I got more then one
>static public IP addresses.
Grate on the multiple static IP addresses bit...
>I found out that port 0 on my Cisco manages the outside area, so the
>internet side. Would be create if I could use port 0 to connect direct to my
>routed subnet modem, but I can't....the Linksys must be installed between,
>else there is no go...
Since that model uses an Ethernet WAN port, what is upstream of your
Linksys? How is the Linksys connecting to the Internet - i.e, does it
use some type of PPPOE authentication? I think you should be able to
accomodate this on the ASA. BTW, the default ASA configuration puts
the first ethernet port on the outside interface, and uses DHCP to
obtain an IP address. It should be just a matter of changing these
options in the VLAN2 interface (the outside interface).
Andrew.
|
|
Posted by Tim Roelands on October 26, 2008, 4:17 pm
Please log in for more thread options
> wrote:
>>
>>>>I'm a kind of a Cisco newbie and like to see some questions answered I
>>>>do
>>>>not understand...
>>>
>>>>Situation;
>>>
>>>>Using an Linksys router controlling my internetconnection (static IP).
>>>>Behind this Linksys router my Cisco ASA 5505 appears. The question is:
>>>>to
>>>>setup a VPN remote connection is it required to forward some kind of
>>>>port
>>>>(NAT) in my Linksys to reach the Cisco when trying to connect from the
>>>>internet with a VPN client? I'm doubt the software can reach the Cisco
>>>>for
>>>>authentication because it is blocked by my Linksys. On the other hand, I
>>>>do
>>>>need my Linksys to setup my internet connection...If anyone can help,
>>>>would
>>>>be great!
>>>
>>>
>>> Having your linksys up ahead of the ASA really limits the ASA, as
>>> you're going to be duplicating everything inbound on the Linksys, and
>>> then the ASA. Certain things will also be broken.
>>>
>>> I'd investigate options to remove the Linksys device, whatever it may
>>> be (you don't detail what it actually is, Linksys makes a few
>>> different types of routers), or to bypass its NAT functions somehow
>>> with your upstream (ie. buying more routed IPs, etc).
>>>
>>> If its possibly, you'd need to have the linksys router forward all
>>> IPSec protocol packets (not just ports, but actually protocol) as well
>>> as UDP port 500. Also, your VPN option will need to have NAT-T turned
>>> on on both sides (ie. server and client).
>>>
>>
>>Well...that makes it more complex then I expected..... :(....My linksys is
>>an RV042 and my ISP provides routed subnet internet, so I got more then
>>one
>>static public IP addresses.
> Grate on the multiple static IP addresses bit...
>>
>>I found out that port 0 on my Cisco manages the outside area, so the
>>internet side. Would be create if I could use port 0 to connect direct to
>>my
>>routed subnet modem, but I can't....the Linksys must be installed between,
>>else there is no go...
> Since that model uses an Ethernet WAN port, what is upstream of your
> Linksys? How is the Linksys connecting to the Internet - i.e, does it
> use some type of PPPOE authentication? I think you should be able to
> accomodate this on the ASA. BTW, the default ASA configuration puts
> the first ethernet port on the outside interface, and uses DHCP to
> obtain an IP address. It should be just a matter of changing these
> options in the VLAN2 interface (the outside interface).
Andrew,
Routed subnet doesn't use PPPoE...The point is that port 0 can be configured
with a static IP (needed and configured in my Linksys), but I can't
configure any gateway and DNS in my ASA then.....what is necessary to get it
connected properly...Otherwise I could connect my ASA directly to my routed
subnet modem provided by my ISP....
|
| Similar Threads | Posted |
| NAT needed reaching ASA 5505? | October 26, 2008, 12:44 pm |
| ASA ver. 7.0 - reaching RADIUS trough VPN | September 5, 2008, 10:20 am |
| ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated | June 16, 2007, 8:21 am |
| 5505 - IPS/IDS | July 9, 2007, 5:42 pm |
| ASA 5505 help | July 16, 2007, 11:54 am |
| VPN help needed!!! | December 13, 2005, 2:15 pm |
| IS RIP NEEDED | June 26, 2007, 1:54 pm |
| Help Needed | April 14, 2008, 5:12 pm |
| ACL help needed... | November 10, 2009, 3:06 pm |
| Problem with VPN on ASA 5505 | November 21, 2007, 3:49 pm |
| Cisco ASA 5505 - please help | December 3, 2007, 8:28 am |
| Pix 501 Versus ASA 5505 | December 22, 2007, 2:48 pm |
| CCNa w/ 5505 | February 2, 2008, 10:03 pm |
| ASA 5505 USB "Future Use" | February 6, 2008, 2:44 pm |
| ASA 5505 vs 5510 | February 20, 2008, 9:14 am |
NAT needed reaching ASA 5505?
Yahoo!
Google
Windows Live
del.icio.us
digg
Netscape
>not understand...
>Situation;
>Using an Linksys router controlling my internetconnection (static IP).
>Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
>setup a VPN remote connection is it required to forward some kind of port
>(NAT) in my Linksys to reach the Cisco when trying to connect from the
>internet with a VPN client? I'm doubt the software can reach the Cisco for
>authentication because it is blocked by my Linksys. On the other hand, I do
>need my Linksys to setup my internet connection...If anyone can help, would
>be great!