|
chava20
7 posts
|
I'm trying to create a lab for two separate networks accessing another remote network over public internet over VPN using the following equipment:
1 2950 switch
1 2811 router
5510 ASA
Is a router on a stick the most secure and best practice way to do this, or are there other ways to do this? |
|
ciscocrank
15 posts
|
upload network lab diagram |
|
laith43d
60 posts
|
Please give as much detail as possible so we can help. |
|
Cisco_Kid
1 post
|
What are the two devices that the VPN will terminate on? Sounds like you want to build a L2L VPN tunnel between ASA and IOS. Not sure what you are wanting to do with the switch? I am guessing from your list that you want the ASA as one Edge device and at the other site use the ISR Router using IOS VPN and Firewall Feature Set. If that is true, we can help you with that. |
|
chava20
7 posts
|
Yes, that's correct: an ASA as Edge device and at the other site use the ISR 2811 Router using the IOS VPN and Firewall Feature Set. |
|
chava20
7 posts
|
ASA <------> INTERNET <-----> 2811 ---- 2960switch ---| 192.168.20.0 & 192.168.30.0
Just wondering the best way to segment this network while still allowing them to talk to each other; VLANs with router on a stick seems to be the best solution. Thanks guys for the help. |
|
laith43d
60 posts
|
Basically separate with two VLANs, say VLAN 20 and 30, while they both are able to communicate with the router, which acts as a ROS. The router will NAT both networks to the Internet, as well as work as a DHCP server for them both. You can create VPN tunnels and control access for both subnets. If you would like to get the configuration, let me know; I may create a lab using GNS3 and send you the configuration files for both router and ASA. |
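The router-on-a-stick layout described in the reply above, sketched as a 2811 configuration. This is an added example, not a configuration posted by anyone in the thread. The /24 masks, interface names, gateway and server addresses, outside addressing, remote VPN LAN and the inter-VLAN policy are all assumptions.

```cisco
! Added example for the 2811; not a configuration from the thread.
! Assumed: /24 masks, .1 gateways, server 192.168.20.10, outside 203.0.113.0/30,
! remote VPN LAN 10.10.10.0/24, and the VLAN 30 -> VLAN 20 policy itself.
interface FastEthernet0/1
 description 802.1Q trunk to the switch
 no ip address
 no shutdown
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 ip access-group VLAN30-IN in
interface FastEthernet0/0
 description Internet-facing, VPN terminates here
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp pool VLAN20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
ip dhcp pool VLAN30
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.1
!
! Stateless filter on traffic entering from VLAN 30
ip access-list extended VLAN30-IN
 ! DHCP requests to the router arrive with source 0.0.0.0
 permit udp any eq bootpc any eq bootps
 permit tcp 192.168.30.0 0.0.0.255 host 192.168.20.10 eq 443
 ! replies to TCP sessions opened from VLAN 20
 permit tcp 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255 established
 deny   ip any 192.168.20.0 0.0.0.255 log
 permit ip 192.168.30.0 0.0.0.255 any
!
! PAT to the Internet, but never translate traffic bound for the tunnel
ip access-list extended NAT-SRC
 deny   ip 192.168.20.0 0.0.0.255 10.10.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.30.0 0.0.0.255 any
ip nat inside source list NAT-SRC interface FastEthernet0/0 overload
```

The switch port facing FastEthernet0/1 has to be an 802.1Q trunk carrying VLANs 20 and 30, with hosts on access ports in one VLAN or the other. Without an ACL on the subinterfaces the router forwards freely between the two subnets, so the VLANs separate broadcast domains but do not restrict traffic by themselves.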