this user group needs remote connection to be established for external parties on a different region to the HQ. The end application at HQ is sort of heavy in terms of usage as it has graphic contents. Users at remote sites are greater than 13 in no.

vpn was selected to keep cost low and use existing infrastructure.

Please let me know if this is still insufficient info.

Thanks.

Thanks Ankur for your kind help.

I will let you know for help when implementation starts for ipsec.

Thanks again.

Thanks for the reply!

My pleasure!

Appreciate your time.

for routes when configuring vpn, remote lan network is identified by putting route to my next hop ( internet ). is that wrong

also, i have heard many configure ipsec by creating tunnel. is it necessary that way.

if we just configure it with basic parameters and apply to main interface, should it be ok.

Thanks.

I have 2 asa's on which ipsec is being configured. asa-2 is also used as another application firewall.temporary ipsec configuration is done on asa-2 to check its working with asa-1.

out of some restrictions, we cant connect any test machine on asa-2 physically for this. If we were to do a ping from asa-2 to asa-1's lan interface ip, will it respond via ipsec.

this is to test ipsec connectivity before further production cuts.

thank you.

Thanks for the question!!

Well yes you can ping the ASA 1 lan side interface  by configuring the following command on ASA 1

From configuration prompt, pls  put the following command----

management-access

Thanks

Ankur

thank you for replying.

I see now, so i can indeed test ipsec connection being established by icmp between lan interface ip's of each asa & i should be able to see ipsec tunnel up status.

so i can use management-access inside , if inside is used for defining lan.