Re: Networking problem - Just how to do this?

2010-07-27 Thread Daniel Bond

mikel king wrote:


On Jul 19, 2010, at 11:45 PM, elekktrett...@exemail.com.au wrote:



The situation is like this:

DF Box is on a public IP - 1.1.1.2 - The box is connected to a switch,
and the switch is connected to the upstream router - 1.1.1.1

Now, I've also connected another router (Cisco ASA 5505) to the switch. It's
also got a public IP - 1.1.1.3 - and the router will be used to establish
VPN connections to another network on the internet. The problem is I don't
have a private network, the DF box is on a public IP.

So I aliased the network interface on the DF Box and gave it a private IP:
10.0.0.2/24.

I'm kind of at a loss as to what to do next. Has anyone been in a similar
situation? Worst comes to worst I'll have to run another cable to the second
NIC on the DF Box and split the topology physically.

Thanks,
Petr



Do you have a second NIC in the DF box? The ASA5505 is a firewall
security device and not a router; therefore do not make the mistake of
believing it will behave like a router. Cisco ASAs are persnickety
devices and will only VPN from an insecure to a secure interface. If
your DF box had a second NIC that you could put on the ASA's secure
interface (LAN) then you could VPN via the ASA. This is not optimal
and only based on the assumption that you do not want to relocate the
DF box completely behind the ASA which is the other option.


I hope that helps.


Regards,
Mikel King
Senior Editor, BSD News Network
Columnist, BSD Magazine
6 Alpine Court,
Medford, NY 11763
o: 631.627.3055
http://www.linkedin.com/in/mikelking
http://twitter.com/mikelking

Just to clarify, the ASA5505 *IS* a router, it will just not do
ICMP-redirects.


You would have to put the machines you want to VPN on the inside as
suggested, but you could also make an IPSEC tunnel connect directly to
your office network from the DF machine. Or if your switch is capable of
doing dot1q-vlans, you could have a separate vlan-interface (virtual
nic) on the DF machine connected to the inside of the ASA, and route
whatever networks you want to access via VPN with static routes.


Best regards,

Daniel Bond.
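
The dot1q VLAN interface plus static route setup suggested in the message above, as an added example that is not part of the original thread. It uses BSD ifconfig/route syntax on the assumption that the DF machine is a BSD host; the parent NIC em0, VLAN ID 10, ASA inside address 10.0.0.1 and remote VPN network 192.168.50.0/24 are assumed values, and only 10.0.0.2/24 comes from the thread.

```shell
#!/bin/sh
# Added example: tagged VLAN interface and static routes on the DF machine.
# Assumed values (not from the thread): em0, VLAN 10, 10.0.0.1, 192.168.50.0/24.
# 10.0.0.2/24 is the private address mentioned in the thread.

PARENT_IF=${PARENT_IF:-em0}              # NIC already cabled to the switch
VLAN_ID=${VLAN_ID:-10}                   # VLAN carrying the ASA inside network
LOCAL_IP=${LOCAL_IP:-10.0.0.2}
NETMASK=${NETMASK:-255.255.255.0}
ASA_INSIDE=${ASA_INSIDE:-10.0.0.1}       # ASA inside (secure) interface
REMOTE_NETS=${REMOTE_NETS:-192.168.50.0/24}  # networks reached through the VPN

# 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved.
valid_vlan_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the commands rather than running them, so the plan can be reviewed.
vlan_plan() {
    valid_vlan_id "$VLAN_ID" || { echo "invalid VLAN ID: $VLAN_ID" >&2; return 1; }
    echo "ifconfig vlan0 create"
    echo "ifconfig vlan0 vlan $VLAN_ID vlandev $PARENT_IF"
    echo "ifconfig vlan0 inet $LOCAL_IP netmask $NETMASK up"
    # Only the VPN networks go via the ASA; the default route stays on 1.1.1.1.
    for net in $REMOTE_NETS; do
        echo "route add -net $net $ASA_INSIDE"
    done
}

# Default is a dry run; run as root with APPLY=1 to execute the plan.
if [ "${APPLY:-0}" = 1 ]; then
    vlan_plan | sh -e
else
    vlan_plan
fi
```

The switch port facing the DF machine has to carry the chosen VLAN tagged, and the ASA's inside port has to be a member of the same VLAN.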


Re: Networking problem - Just how to do this?

2010-07-20 Thread mikel king


On Jul 19, 2010, at 11:45 PM, elekktrett...@exemail.com.au wrote:


The situation is like this:

DF Box is on a public IP - 1.1.1.2 - The box is connected to a switch,
and the switch is connected to the upstream router - 1.1.1.1

Now, I've also connected another router (Cisco ASA 5505) to the switch. It's
also got a public IP - 1.1.1.3 - and the router will be used to establish
VPN connections to another network on the internet. The problem is I don't
have a private network, the DF box is on a public IP.

So I aliased the network interface on the DF Box and gave it a private IP:
10.0.0.2/24.

I'm kind of at a loss as to what to do next. Has anyone been in a similar
situation? Worst comes to worst I'll have to run another cable to the second
NIC on the DF Box and split the topology physically.

Thanks,
Petr



Do you have a second NIC in the DF box? The ASA5505 is a firewall
security device and not a router; therefore do not make the mistake of
believing it will behave like a router. Cisco ASAs are persnickety
devices and will only VPN from an insecure to a secure interface. If
your DF box had a second NIC that you could put on the ASA's secure
interface (LAN) then you could VPN via the ASA. This is not optimal
and only based on the assumption that you do not want to relocate the
DF box completely behind the ASA which is the other option.


I hope that helps.


Regards,
Mikel King
Senior Editor, BSD News Network
Columnist, BSD Magazine
6 Alpine Court,
Medford, NY 11763
o: 631.627.3055
http://www.linkedin.com/in/mikelking
http://twitter.com/mikelking



Re: Networking problem - Just how to do this?

2010-07-20 Thread elekktretterr
 Do you have a second NIC in the DF box? The ASA5505 is a firewall
 security device and not a router; therefore do not make the mistake of
 believing it will behave like a router. Cisco ASAs are persnickety
 devices and will only VPN from an insecure to a secure interface. If
 your DF box had a second NIC that you could put on the ASA's secure
 interface (LAN) then you could VPN via the ASA. This is not optimal
 and only based on the assumption that you do not want to relocate the
 DF box completely behind the ASA which is the other option.

 I hope that helps.



Yes, that's what I thought pretty much. The box has a second NIC so I just
used that.

Petr



Networking problem - Just how to do this?

2010-07-19 Thread elekktretterr
The situation is like this:

DF Box is on a public IP - 1.1.1.2  - The box is connected to a switch,
and the switch is connected to the upstream router - 1.1.1.1

Now, I've also connected another router (Cisco ASA 5505) to the switch. It's
also got a public IP - 1.1.1.3 - and the router will be used to establish
VPN connections to another network on the internet. The problem is I don't
have a private network, the DF box is on a public IP.

So I aliased the network interface on the DF Box and gave it a private IP:
10.0.0.2/24.

I'm kind of at a loss as to what to do next. Has anyone been in a similar
situation? Worst comes to worst I'll have to run another cable to the second
NIC on the DF Box and split the topology physically.

Thanks,
Petr