cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


578
Views
0
Helpful
0
Replies
Beginner

Firewall with IPSEC and GRE best practice

Hi experts,

I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the secure side of the firewall. Our consultant is proposing to have a router on the side DMZ with the sole function to terminate the GRE so that the firewall can inspect the data. I'm no expert in firewall but I'm thinking that there has to be a better way. Can we terminate the IPsec and the GRE in the firewall so the data can be inspected? Or is a router facing the internet in front of the firewall in the only solution? Thank you!

imageedit_1_2975904189.jpg