• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

ASA5505 direct tunnel to tunnelbroker

Started by sikoix, August 16, 2008, 11:34:02 AM

Previous topic - Next topic

sikoix

I think this would be much easier and straight-forward if I introduced a router into the equation, but I might need some help with this on my ASA5505 connected directly to a cable modem (and performing basic gateway/NAT functions at home). Does anyone have any information on how to configure this directly on the ASA5505?

Sorry if this was already covered elsewhere -- I've searched around these forums and the internet for some ASA specific information, but everyone else seems to have the ASA behind a router.

This is my ASA sho ver output (in case this just isn't possible for me):

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

DNBY-ASA-5505 up 15 hours 44 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0    : address is 001d.70fa.8b9c, irq 11
1: Ext: Ethernet0/0         : address is 001d.70fa.8b94, irq 255
2: Ext: Ethernet0/1         : address is 001d.70fa.8b95, irq 255
3: Ext: Ethernet0/2         : address is 001d.70fa.8b96, irq 255
4: Ext: Ethernet0/3         : address is 001d.70fa.8b97, irq 255
5: Ext: Ethernet0/4         : address is 001d.70fa.8b98, irq 255
6: Ext: Ethernet0/5         : address is 001d.70fa.8b99, irq 255
7: Ext: Ethernet0/6         : address is 001d.70fa.8b9a, irq 255
8: Ext: Ethernet0/7         : address is 001d.70fa.8b9b, irq 255
9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8         
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : 10       
Failover                     : Disabled
VPN-DES                      : Enabled   
VPN-3DES-AES                 : Enabled   
VPN Peers                    : 10       
WebVPN Peers                 : 2         
Dual ISPs                    : Disabled 
VLAN Trunk Ports             : 0         
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2         

This platform has a Base license.

Serial Number: JMX122XXXXX
Running Activation Key: XXXXXXXXXX
Configuration register is 0x1
Configuration last modified by patrickh at 00:21:56.718 EDT Sat Aug 16 2008

norcalttora

The ASAs don't support basic tunnels, they only support IPSec tunnels (The ASA doesn't run IOS). It would be neat if he.net supported IPSec tunnels and then I'd try out my 5505 (If someone at he.net wants to try this I'm game to beta it). In the mean time I'm IPv4 only at home.


yozh

Wow no way to do a tunnel from 5505 ? This is not good news :(

I wonder whats the best to do this ?

cholzhauer

I'm running mine through a BSD-based router and using my 5520 for access control.