I have used many a PIX and ASA as a firewall device, and even a dual VPN and firewall device.
However, I have a new scenario; I am sure many have seen my ISE-related posts.
Our current firewall (McAfee) has reached EoL, and instead of purchasing a new firewall, I would like to know if it is possible to migrate to the ASA that is currently used strictly for AnyConnect VPN connections, so that it also replaces the McAfee firewall, which also serves a handful of s2s VPN tunnels.
Under normal circumstances I would see no problem; however, the way we have to set up the ASA to use ISE (Inline Posture Node), the ASA has a normal WAN connection, but the LAN connection to the IPN is its own VLAN in the core switch, which also contains the WAN interface of the IPN.
Would I just create a new LAN interface on the ASA to the inside network VLAN and that would basically be as a normal firewall setup using THAT interface?
Man, did I just confuse myself! LOL
Any pointers here are appreciated!
Thanks,
Dirk