Design question

[boymarty24]

Hi!

We have a customer with one ASA5505 base license. They are going to get connected to another company by VPN. This company is very strict about who´s connecting so instead of using the ASA as VPN device they have configured and shipped a cisco 800 router. This router is configured with a public IP range on the LAN side ( not on the same network as ours ) and the WAN side is configured with one of our public IP´s. Every client on our network need to have access to the VPN. I have no possibilty to change the configuration on the 800 router.

I know i can put another ASA to use with the 800 but then i will get asymmetric routing and i rather skip that.

I was wondering if upgrading the ASA to a sec plus license can help me?

Any of you pro´s have any idea?

 

[Supergrrover]

They have public ips on both ends and WAN is one of your public IPs????

I would like to see how they propose to set this up (topology and all.) If you get the sec plus license, you can make a real DMZ and run it off that, but I am not really understanding their "planZ & schemeZ."

other that that, the sec plus isn't much help.

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[mahlad29]

Wha?

20 yrs old, working towards my CCNP. Looking for a new job
02472

 

[boymarty24]

Hi,

Yes i know. They have shipped a configured router for access to their network. The WAN public IP is one of ours ( not beeing used of course ) but the LAN side is as i said a public network ( .252 ) The Public IP on the LAN side is NOT ours but something the configured.

So on the cisco router WAN side 60.60.60.5 and lan side 80.80.80.5. 60.60.60.0/28 is my assigned public IP´s from the ISP.

Sorry for the bad explaination on my first post, i was really tired when i added the post.

 

[boymarty24]

Attached a simple layout. So VPN networks have to travel through the 800 router. As you said Brent i assume a full DMZ will do this the best way but how exactly.