
How to configure an ASA 5516-X to be used only for VPN and connect it behind FMC/FTDs

jason.sheumaker
Level 1

I have an FMC1600 that manages 2 FTD 2210s. I also have an ASA 5516-X that is going to be used for VPN so we can use posturing. How do I configure the 5516 and connect it so that it communicates with the FMC/FTDs for Firewall protection and also have access to the Internet so that the VPN users can connect to it?

1 Reply

Marvin Rhoads
Hall of Fame

Ideally there would be two DMZ segments off the Firepower pair - DMZ-out and DMZ-In. The ASA has an outside and inside interface in each of those and is set up just like a normal ASA.

The policies on the Firepower pair would be to have a static NAT for the ASA's outside interface and an Access Control Policy allowing inbound tcp/443 and udp/443 to the ASA outside address (Firepower outside to DMZ-Out). A second ACP would allow inbound traffic from the VPN users (and the ASA itself) from DMZ-In to the Firepower Inside zone.
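The ASA side of the two-DMZ layout described in the reply above, as an added example that is not part of the original thread. Every address, the internal 10.0.0.0/8 range, the interface numbering and the pool name `VPN-POOL` are assumptions chosen for illustration.

```cisco
! Constructed ASA fragment; all addresses and names below are assumptions.
! DMZ-Out = 172.16.10.0/24, Firepower interface at 172.16.10.1
! DMZ-In  = 172.16.20.0/24, Firepower interface at 172.16.20.1
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 172.16.10.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 172.16.20.2 255.255.255.0
 no shutdown
!
! Default route leaves through the Firepower pair on DMZ-Out
route outside 0.0.0.0 0.0.0.0 172.16.10.1
! Internal networks (assumed 10.0.0.0/8) are reached through DMZ-In,
! so decrypted VPN traffic is inspected by the second ACP
route inside 10.0.0.0 255.0.0.0 172.16.20.1
!
! Address pool handed to VPN clients (assumed range)
ip local pool VPN-POOL 172.16.30.10-172.16.30.250 mask 255.255.255.0
!
! TLS and DTLS listener on the outside interface: the tcp/443 and udp/443
! that the first ACP allows inbound
webvpn
 enable outside
```

With this addressing, the static NAT on the Firepower pair maps a public address to 172.16.10.2, and the Firepower pair needs a route for the client pool (172.16.30.0/24 here) pointing at the ASA inside address 172.16.20.2 so that return traffic to VPN users goes back through DMZ-In.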
