Dedicated VPN on DMZ - Isolation

opers13
Level 1

Has anyone deployed a dedicated ASA for VPN only, on DMZ but with another ASA behind totally isolating the VPN IPs? (See attachment.)

I'm sure it's doable but my only concern is failover (no Security Context) between all the firewalls when deployed in Active/Standby.

1 Reply

Jouni Forss
VIP Alumni

Hi,

Using multiple devices, all to handle different tasks, is normal for us, but it's mainly for special environments or specific customer setups. Though one thing forcing our hand in certain setups is that we use ASAs in multiple context mode and therefore we need another device to handle VPNs, as at the moment only support for L2L VPN exists in the newest software.

We do have setups where we have 2 failover pairs working together. One for VPN and one for NAT/ACL and it has worked fine so far and it has left the configuration on the VPN device very simple.

I'm not sure if I've understood you correctly but are you going to use 3 different failover pairs for that setup?

- Jouni
