Hi,
I'm planning to get a new ASA 5545 and place it behind the 2911, which has all access lists for the corporate.
As we need to expand site-to-site VPN and set up a proper DMZ, ASA was considered one of best options as a VPN termination point.
The issue is I've only got a couple of weeks to install ASA which is not enough time to transfer all access lists into the firewall and switchover.
I'm thinking to connect new ASA to one of Gig ports on 2911 and assign public IP address to interfaces on the router and ASA, and then connect one of Gig ports to core switch.
And then I'm thinking to terminate the VPN at the ASA.
Can someone please share some ideas on this? I'm not totally sure whether this scenario is plausible or not.
Cheers,
John