https://community.cisco.com/t5/network-security/active-active-asa-remote-vpn-access-limitations/m-p/1772060#M530396 <P><STRONG>Hi Experts</STRONG></P><P></P><P><STRONG>We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?</STRONG></P><P><STRONG>I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not? please advise.</STRONG></P><P></P><P><STRONG>Thanks in advance</STRONG></P> Mon, 11 Mar 2019 21:27:14 GMT Mahmoud Nossair 2019-03-11T21:27:14Z https://community.cisco.com/t5/network-security/active-active-asa-remote-vpn-access-limitations/m-p/1772060#M530396 <P><STRONG>Hi Experts</STRONG></P><P></P><P><STRONG>We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?</STRONG></P><P><STRONG>I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not? please advise.</STRONG></P><P></P><P><STRONG>Thanks in advance</STRONG></P> Mon, 11 Mar 2019 21:27:14 GMT https://community.cisco.com/t5/network-security/active-active-asa-remote-vpn-access-limitations/m-p/1772060#M530396 Mahmoud Nossair 2019-03-11T21:27:14Z https://community.cisco.com/t5/network-security/active-active-asa-remote-vpn-access-limitations/m-p/1772061#M530397 <HTML><HEAD></HEAD><BODY><P>Mahmoud, </P><P></P><P>Yes, deployments like this do exist in the wild <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>People put the VPN termination either in a DMZ module or outside.</P><P>The thing to remember that if a VPN device is behind NAT it will use UDP/4500 from MM5 or AM3, so no ESP/AH packets will/should be seen.</P><P></P><P>HTH,</P><P>Marcin</P></BODY></HTML> Tue, 20 Sep 2011 17:47:52 GMT https://community.cisco.com/t5/network-security/active-active-asa-remote-vpn-access-limitations/m-p/1772061#M530397 Marcin Latosiewicz 2011-09-20T17:47:52Z