Question : Cisco ASA 5505 connecting to Internet through a Comcast Router

Hello,
ASA 5505. 7.2x code.
I have a Comcast router that has a physical coax cable on the WAN side, and an RJ-45 on the LAN side.
I plan on connecting my ASA's WAN connector (RJ45) to to the LAN side of the Comcast Router.
The Comcast WAN will have a statically assigned public ip.
The Comcast LAN will have a private ip on subnet X.
The ASA WAN will have a private ip on subnet X.
The ASA LAN will have a private ip on subnet Y.
The ASA will have a default gateway of the Comcast LAN ip.
I plan on terminating vpn clients onto the WAN side of the ASA. Is it possible to do this? If so, how?

Thank you!!

Answer : Cisco ASA 5505 connecting to Internet through a Comcast Router

Your outgoing service must get NATted to the Comcast WAN public IP I assume. So the first question is: do Comcast nat any incoming connections to your ASA WAN ip on subnet X (they should)?

If they do, then you can just set up your VPN as you would in the same way as if you had a public address on the ASA WAN interface. NAT traversal should be assumed, but some versions do not enable by default, so you'll need:

crypto isakmp nat-traversal 20

Then you'll want your external interface to permit isakmp (udp/500) and nat-t (udp/4500) though to the ASA WAN ip address. Or use the "let vpn in" sysopt:

sysopt connection permit-vpn

Random Solutions

Cisco Configuration Professional download

unable to get reply from other computers

Dell Pe1800 Server -Stop Error 7B

SBS 2003 AD, have outlook auto add user when loggin

What will happen if i get an error in cache block in C#?

automatically get file from ftp server using .bat and put onto my computer

How do I install Windows Xp on an Acer Aspire One with a formatted hard drive with Ubuntu on it?

InDesign CS5 Crashing -- Snow Leopard

Desktop freezes; iexplore process still running