ForumBlogPractice SubnettingFeed Aggregator *   * Log in
« »

PIX/ASA – Failover, LAN to LAN IPsec VPN, Remote Access VPN

 		posted in Cisco Networking, Technical
by roggy on January 14th, 2010 tags: , , , , ,

 

I am sure that those who stop by this blog have been affected by the recession and cut backs in one way or another. As a consultant, I find myself having to adapt to customer’s requirements and take on fields that had been previously picked up by someone else. In a rare moment of introspection I was reminded of a quote: “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” It is this quote that is the basis for this “how to”. If you are a CCNA or normally just an R&S guy, who have been asked to put on another “hat” for the time being then this is for you.

The scenario is that your company has decided to use the “internet as its backbone” instead of using telco provided dedicated lines to cut back on costs (similar to this article on MPLS based VPNs). You, being the “Cisco guy”, have to set up a PoC (proof of concept) for a small network with the following features:

1) Redundancy at the Head Office (Failover)
2) LAN to LAN IPsec VPN
3) Remote Access VPN
4) Remote workers to have access to the Internet through Hub via U-turning
5) Remote workers to have access to the Spoke
6) Remote workers to have access to their local LAN
7) Remote workers to be restricted in the web services they can access via downloadable ACLs

This is a diagram of the lab we will be setting up:

PIX/ASA Failover

Part 1

Intro, Initial GNS lab Setup, Basic Connectivity, Setting up Failover

Part 2

Setting up NAT, Basic Failover testing, LAN 2 LAN IPsec VPN, Remote Access IPsec VPN (PIX), Remote Access IPsec VPN (client), Testing!

Part 3

Allowing Internet Access (u-turning/internet on a stick), Allowing Local LAN access, VPN Client access to the Spoke, Configuring Downloadable ACLs

Check out roggy’s blog for more Cisco technical articles.

2 Responses to “PIX/ASA – Failover, LAN to LAN IPsec VPN, Remote Access VPN”

  1. expaddy
    January 15, 2010 at 11:37 AM

    Thanks very much for this, it will prove useful in the near future.
  2. kelvin
    April 12, 2010 at 7:45 AM

    Thanks you very much Roggy!!
    Last a few day, I could successfully configure Hairpinning or U-turn to my ASA5510 at my work. This video is awesome !!

Leave a Reply

You must be logged in to post a comment.