[c-nsp] ASA5505, Restricted VLAN & VPN

Michael K. Smith - Adhost mksmith at adhost.com
Tue Sep 15 18:41:53 EDT 2009


Hello Dave:

<snip>
> Hello all, first time poster, please be gentle...
> 
> I have a client scenario that I can't work out in the lab for a few
> days, hoping someone here might already know if it is possible or not.
> 
> I have a client with an ASA5505, base license, currently utilizing the
> "restricted" VLAN to provide access to the internet only, across the
> "outside" interface.  Is it possible to make a VPN connection from the
> restricted VLAN via (I assume) the "outside" interface, and gain
> connectivity to the "inside" interface across said VPN?  I've been able
> to do similar things with IOS routers in the past, I just can't nail
> down from the documentation if this would be allowed on an ASA utilizing
> the included restricted VLAN.  Thanks in advance for any insight.
> 
> Regards,
> 
> dtb
<snip>

What do you mean by restricted VLAN?  The inside and outside, let's call
them VLAN 1 and VLAN 2, should both work unrestricted.  The restricted
VLAN is the third VLAN you would use for a DMZ.  If you go with the two
regular VLANs then you will be able to establish VPN connectivity from
outside to inside with no technical difficulties.  You may, however,
have licensing restrictions if you're attempting to do SSL-based VLANs.

Regards,

Mike

