Question : Cisco ASA 5505 connecting to Internet through a Comcast Router

Hello,
ASA 5505.  7.2x code.
I have a Comcast router that has a physical coax cable on the WAN side, and an RJ-45 on the LAN side.
I plan on connecting my ASA's WAN connector (RJ45) to the LAN side of the Comcast Router.
The Comcast WAN will have a statically assigned public ip.
The Comcast LAN will have a private ip on subnet X.
The ASA WAN will have a private ip on subnet X.
The ASA LAN will have a private ip on subnet Y.
The ASA will have a default gateway of the Comcast LAN ip.
I plan on terminating vpn clients onto the WAN side of the ASA.  Is it possible to do this?  If so, how?

Thank you!!

Answer : Cisco ASA 5505 connecting to Internet through a Comcast Router


Your outgoing service must get NATted to the Comcast WAN public IP I assume.  So the first question is: do Comcast nat any incoming connections to your ASA WAN ip on subnet X (they should)?

If they do, then you can just set up your VPN in the same way as if you had a public address on the ASA WAN interface.  NAT traversal should be assumed, but some versions do not enable it by default, so you'll need:

  crypto isakmp nat-traversal 20

Then you'll want your external interface to permit isakmp (udp/500) and nat-t (udp/4500) through to the ASA WAN IP address.  Or use the "let vpn in" sysopt:

  sysopt connection permit-vpn
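
An added example, not part of the original answer: a small Python check over an ASA running-config that reports what is still missing for terminating VPN clients on an outside interface that sits behind a NAT router, as in the setup above. The sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; addresses are placeholders, not taken from the post.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
crypto isakmp enable outside
"""

def outside_address(config, nameif="outside"):
    """Return the IPv4 address configured on the interface named `nameif`."""
    for block in re.split(r"(?m)^!\s*$", config):
        if re.search(rf"(?m)^\s*nameif {re.escape(nameif)}\s*$", block):
            m = re.search(r"(?m)^\s*ip address (\S+) \S+", block)
            if m:
                return ipaddress.ip_address(m.group(1))
    return None

def audit_vpn_behind_nat(config, nameif="outside"):
    """List what is missing for terminating VPN clients on a NATed interface."""
    findings = []
    addr = outside_address(config, nameif)
    if addr is None:
        findings.append(f"no static ip address found on interface '{nameif}'")
    elif addr.is_private:
        # The ASA is not directly reachable; the upstream router has to forward.
        findings.append(f"{addr} is private: upstream router must forward "
                        "udp/500 and udp/4500 to it")
    if not re.search(rf"(?m)^crypto isakmp enable {re.escape(nameif)}\s*$", config):
        findings.append(f"missing: crypto isakmp enable {nameif}")
    if not re.search(r"(?m)^crypto isakmp nat-traversal(\s+\d+)?\s*$", config):
        findings.append("missing: crypto isakmp nat-traversal 20")
    # Only the explicit 'no' form is checked here.
    if re.search(r"(?m)^no sysopt connection permit-vpn\s*$", config):
        findings.append("sysopt connection permit-vpn is disabled; "
                        "VPN traffic is subject to interface ACLs")
    return findings
```

Calling `audit_vpn_behind_nat(SAMPLE_CONFIG)` on the sample reports the private outside address and the missing NAT traversal line.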
