Re: ASA placement

peter.williams · ‎03-06-2013

Is it recommended to place my ASA before the router? I want to terminate all of my VPN traffic on my router. So it would be Internet -> ASA -> router -> users

Thank you

Sent from Cisco Technical Support iPhone App

Julio Carvajal · ‎03-06-2013

Hello Peter,

Well, you can make it happen but my question would be:

Why wont you use the ASA to both terminate the VPN connections and protect your network?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

peter.williams · ‎03-07-2013

there is an requirement to terminate on the router (3845). Do I need to give the router public IP or private IP?

Julio Carvajal · ‎03-07-2013

Hello Peter,

Gotcha, public IP address as that is where the other say should point as the VPN peer,

Let me know if you have any questions

Check your private messages

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

peter.williams · ‎03-09-2013

How can I allow the VPN traffic through the ASA and terminate on the router? Is this possible?

Internet -> ASA -> Router -> User

Sent from Cisco Technical Support iPhone App

Julio Carvajal · ‎03-09-2013

Hello,

Yes, you can.

Just allow the right protocols and layer 4 ports,

If it's an IPSec tunnel:

UDP 500 (Isakmp)

ESP ( Protocol 50)

AH( Protocol 49)

Regards,

Julio Carvajal

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC