https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224606#M834997 <HTML><HEAD></HEAD><BODY><P>Through webvpn you can access any systems inside your network that provides network management , whether web-based management apps or rdp to management stations you can simply access those apps from within Webvpn session. Perhaps with Anyconnect SSL client you may be able to manage devices from the connected source, if you do need to directly manage remote network better to stablish a L2L vpn to manage remote network through permanent ipsec tunnel. </P><P></P><P>Regards</P><P></P></BODY></HTML> Sun, 07 Jun 2009 22:48:36 GMT JORGE RODRIGUEZ 2009-06-07T22:48:36Z https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224603#M834994 <P></P><P>Hi, </P><P></P><P>We have a pair of ASA 5520 as our commercial web portal perimeter firewall. Is it feasible to configure remote access VPN (for remote management) on the same set of firewalls or is it better to use a separate firewall for this purpose.</P><P></P><P>Would there be any performance degradation...(max would be 5 users at any point in time). </P> Mon, 11 Mar 2019 15:40:25 GMT https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224603#M834994 cisco_lite 2019-03-11T15:40:25Z https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224604#M834995 <HTML><HEAD></HEAD><BODY><P>Yes you can, when you say remote management are you referring to management of the firewall? if so you have many other options if it is just for remote management of the firewall.</P><P></P><P>1- You can configure RA VPN and manage the firewall or any other resources inside your network.</P><P></P><P>0r</P><P></P><P>2- If it is just for firewall management and nothing else you can simply allow the access from source IP and destination of the firewall outside interface.</P><P></P><P>For example if user1 with public ip of 20.20.20.20 you can allow management to the firewall exclusivaly from that IP as:</P><P>This scenario would be for a user who has permanent static IP, would not recommend this scenario if user changes public IP. The downside in this is the user is bound to manage the firewall from that only Ip address as suppose to using Cisco VPN client RA.</P><P></P><P>asa(config)#http 20.20.20.20 255.255.255.255 outside</P><P>asa(config)#ssh 20.20.20.20 255.255.255.255 outside</P><P></P><P>or</P><P></P><P>3- You can configure SSL Webvpn for those users, there is no client needed to be installed on the 5 users machines , through ssl webvpn you can then allow them access to any system to manage the firewall. This scenario provide beter mobility as ssl vpn just requires web browser that supports SSL which most browsers do.</P><P></P><P><B>Would there be any performance degradation...(max would be 5 users at any point in time).</B> </P><P></P><P>NO</P><P> </P><P></P><P>Regards</P><P></P></BODY></HTML> Sat, 06 Jun 2009 17:45:47 GMT https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224604#M834995 JORGE RODRIGUEZ 2009-06-06T17:45:47Z https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224605#M834996 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Can the servers and network devices be managed over SSL WebVPN. If so, how can it be achieved. </P><P></P><P>Thanks.</P></BODY></HTML> Sun, 07 Jun 2009 09:26:25 GMT https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224605#M834996 cisco_lite 2009-06-07T09:26:25Z https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224606#M834997 <HTML><HEAD></HEAD><BODY><P>Through webvpn you can access any systems inside your network that provides network management , whether web-based management apps or rdp to management stations you can simply access those apps from within Webvpn session. Perhaps with Anyconnect SSL client you may be able to manage devices from the connected source, if you do need to directly manage remote network better to stablish a L2L vpn to manage remote network through permanent ipsec tunnel. </P><P></P><P>Regards</P><P></P></BODY></HTML> Sun, 07 Jun 2009 22:48:36 GMT https://community.cisco.com/t5/network-security/remote-access-vpn-on-perimeter-firewall/m-p/1224606#M834997 JORGE RODRIGUEZ 2009-06-07T22:48:36Z