ASA placement
03-06-2013 07:09 PM - edited 03-11-2019 06:10 PM
Is it recommended to place my ASA before the router? I want to terminate all of my VPN traffic on my router. So it would be Internet -> ASA -> router -> users
Thank you
Sent from Cisco Technical Support iPhone App
03-06-2013 08:13 PM
Hello Peter,
Well, you can make it happen but my question would be:
Why won't you use the ASA to both terminate the VPN connections and protect your network?
Regards,
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
03-07-2013 08:53 AM
There is a requirement to terminate on the router (3845). Do I need to give the router a public IP or a private IP?
03-07-2013 11:21 AM
Hello Peter,
Gotcha, public IP address, as that is where the other side should point as the VPN peer.
Let me know if you have any questions.
Check your private messages
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
03-09-2013 06:49 PM
How can I allow the VPN traffic through the ASA and terminate on the router? Is this possible?
Internet -> ASA -> Router -> User
Sent from Cisco Technical Support iPhone App
03-09-2013 08:22 PM
Hello,
Yes, you can.
Just allow the right protocols and layer 4 ports.
If it's an IPsec tunnel:
UDP 500 (ISAKMP)
ESP (Protocol 50)
AH (Protocol 49)
Regards,
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
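
An outside-interface ACL on the ASA for the pass-through setup discussed in this thread, added here as an example and not posted by any participant. It assumes ASA 8.3 or later object syntax, an interface named `outside`, a single known remote peer, and placeholder addresses; the UDP 4500 line goes beyond what the thread lists.

```cisco
! Added example; all names and addresses are placeholders, not from the thread.
! 203.0.113.10  = public IP of the router terminating the VPN (assumed)
! 198.51.100.20 = public IP of the remote VPN peer (assumed)
object network VPN-ROUTER
 host 203.0.113.10
object network REMOTE-PEER
 host 198.51.100.20
!
! IKE (ISAKMP) negotiation
access-list OUTSIDE_IN extended permit udp object REMOTE-PEER object VPN-ROUTER eq isakmp
! IPsec data plane; the keywords esp and ah are IP protocols 50 and 51
access-list OUTSIDE_IN extended permit esp object REMOTE-PEER object VPN-ROUTER
access-list OUTSIDE_IN extended permit ah object REMOTE-PEER object VPN-ROUTER
! Only needed when a peer sits behind NAT (NAT-T); not mentioned in the thread
access-list OUTSIDE_IN extended permit udp object REMOTE-PEER object VPN-ROUTER eq 4500
!
! Apply inbound on the Internet-facing interface
access-group OUTSIDE_IN in interface outside
```

Scoping the source to the known peer instead of `any` keeps the router's IKE listener off the open Internet; `show access-list OUTSIDE_IN` shows per-line hit counts once the tunnel is attempted.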
