Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
1
Replies

Terminating VPN at ASA sitting behind 2911

John Kim
Level 1
Level 1

‎06-12-2014 01:18 AM - edited ‎03-11-2019 09:19 PM

Hi,

 

I'm planning to get a new ASA 5545 and place it behind the 2911, which has all access lists for the corporate.

As we need to expand site-to-site VPN and set up a proper DMZ, ASA was considered one of best options as a VPN termination point.

 

The issue is I've only got a couple of weeks to install ASA which is not enough time to transfer all access lists into the firewall and switchover.

I'm thinking to connect new ASA to one of Gig ports on 2911 and assign public IP address to interfaces on the router and ASA, and then connect one of Gig ports to core switch.

And then I'm thinking to terminate the VPN at the ASA.

 

Can someone please share some ideas on this? I'm not totally sure whether this scenario is plausible or not.

 

 

Cheers,

John

Labels:
0 Helpful
1 Reply 1

syed kazim abbas
Level 3
Level 3

‎06-15-2014 05:09 AM

Hi, 

The good way is, you have to use notepad. Copy all router's ACL modify there and paste in ASA.

On the other hand, if you want to install both, enable pat on router and permit VPN traffic redirecting to ASA ESP,UDP 4500 and 500 (isakmp). It will save your 2 public IP.

 

Regards,

kazim

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card