02-28-2023 04:13 AM
Hi guys
I have come up with a solution to get my Corporate traffic into Azure by way of a VPN, which will terminate on a HA pair of ASAv firewalls. I need to protect an HTTPS flow within the tunnel and have it decrypted on the ASAv.
The flow would be our Corp network as src address range to a VIP that will sit on both ASAv firewalls. The VIP is from the Azure public address ranges and has been created in Azure. A NAT rule will essentially take that input and convert the destination IP address from the VIP to the internal IP address of our ALB within Azure.
I haven't tested this yet, but I can't see anything that would stop this working, as, because the traffic is coming to the ASAv from a VPN tunnel, I don't need the ASAv to ARP for the VIP.
What do you all think?
Regards
James
02-28-2023 04:39 AM - edited 02-28-2023 04:39 AM
Seems like it will work, so you have an ALB as public IP addresses. The VPN tunnel will be formed from the remote side to the ASAv, whereas for the presentation of ASAv, ALB will be the outside (let's say the point where the VPN traffic will terminate). Yes, sounds like it will work.
02-28-2023 04:52 AM
Yes, the two ASAv are sat behind a PLB, which will pass IKE traffic through to the active ASAv.
02-28-2023 04:57 AM
@jamesholley are these two ASAv in an HA pair? You mentioned the word active ASAv, so I assume it is an HA pair. Yes, by the sound of it this would work.
02-28-2023 05:02 AM
Hi, yes, an HA pair working in active/standby mode.