Remote Access VPN on Perimeter Firewall

cisco_lite
Level 1

Hi,

We have a pair of ASA 5520 as our commercial web portal perimeter firewall. Is it feasible to configure remote access VPN (for remote management) on the same set of firewalls or is it better to use a separate firewall for this purpose.

Would there be any performance degradation...(max would be 5 users at any point in time).

3 Replies

JORGE RODRIGUEZ
Level 10

Yes you can. When you say remote management, are you referring to management of the firewall? If so, you have many other options if it is just for remote management of the firewall.

1- You can configure RA VPN and manage the firewall or any other resources inside your network.

or

2- If it is just for firewall management and nothing else, you can simply allow access from the source IP to the destination of the firewall outside interface.

For example, if user1 has a public IP of 20.20.20.20, you can allow management to the firewall exclusively from that IP as:

This scenario would be for a user who has a permanent static IP; I would not recommend this scenario if the user changes public IP. The downside is that the user is bound to manage the firewall from that one IP address only, as opposed to using the Cisco VPN client RA.

asa(config)#http 20.20.20.20 255.255.255.255 outside

asa(config)#ssh 20.20.20.20 255.255.255.255 outside

or

3- You can configure SSL WebVPN for those users; there is no client that needs to be installed on the 5 users' machines. Through SSL WebVPN you can then allow them access to any system to manage the firewall. This scenario provides better mobility, as SSL VPN just requires a web browser that supports SSL, which most browsers do.

Would there be any performance degradation...(max would be 5 users at any point in time).

NO

Regards

Jorge Rodriguez
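A quick way to confirm that the source restriction described in option 2 is actually what the running config says, as an added example that is not from this thread or from Cisco: a small Python audit that parses ASA http/ssh/telnet management-access lines and flags any outside-interface entry wider than a single host. The sample config below is constructed; only the two 20.20.20.20 lines mirror the reply.

```python
import ipaddress
import re

# Matches ASA management-access lines such as
#   http 20.20.20.20 255.255.255.255 outside
#   ssh 10.0.0.0 255.255.255.0 inside
# Lines like "http server enable" or "ssh timeout 10" do not match.
MGMT_LINE = re.compile(
    r"^\s*(?P<proto>http|ssh|telnet)\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mask>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<iface>\S+)\s*$"
)


def parse_mgmt_access(config_text):
    """Return (proto, network, iface) for each http/ssh/telnet access line."""
    entries = []
    for line in config_text.splitlines():
        m = MGMT_LINE.match(line)
        if not m:
            continue
        net = ipaddress.IPv4Network((m["addr"], m["mask"]), strict=False)
        entries.append((m["proto"], net, m["iface"]))
    return entries


def audit_outside_mgmt(config_text, outside_iface="outside"):
    """Flag management access on the outside interface that is wider than one
    host (/32), and any telnet on that interface at all (cleartext)."""
    findings = []
    for proto, net, iface in parse_mgmt_access(config_text):
        if iface != outside_iface:
            continue
        if proto == "telnet":
            findings.append(f"telnet allowed from {net} on {iface} (cleartext)")
        elif net.prefixlen < 32:
            findings.append(f"{proto} from {net} on {iface} is wider than one host")
    return findings


# Constructed sample config (not from the thread); the 0.0.0.0 entry is the
# kind of overly broad rule the audit is meant to catch.
SAMPLE_CONFIG = """\
http server enable
http 20.20.20.20 255.255.255.255 outside
ssh 20.20.20.20 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
http 10.1.1.0 255.255.255.0 inside
ssh timeout 10
"""

if __name__ == "__main__":
    for finding in audit_outside_mgmt(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Feed it the output of `show running-config` saved to a file; inside-interface entries are deliberately left alone, since the concern here is exposure on the perimeter.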

Hi,

Can the servers and network devices be managed over SSL WebVPN? If so, how can it be achieved?

Thanks.

Through WebVPN you can access any systems inside your network that provide network management, whether web-based management apps or RDP to management stations; you can simply access those apps from within the WebVPN session. Perhaps with the AnyConnect SSL client you may be able to manage devices from the connected source. If you do need to directly manage a remote network, it is better to establish a L2L VPN to manage the remote network through a permanent IPsec tunnel.

Regards

Jorge Rodriguez