Looking to start a discussion around best practices for inbound network design at the core.
The planned devices are as follows:
- Edge Routing / DMVPN - Cisco 2951
- Cisco UCM / IP Phone VPN Concentrator - Cisco ASA 5512-X
- Cisco AnyConnect SSL Client Concentrator - Cisco ASA 5515-X
- Cisco FirePower / IPS Device - Cisco ASA 5515-X
The plan is as follows:
- All traffic enters through the 2951.
- DMVPN traffic will go directly to the FirePower Device and then to the core network.
- IP Phones will pass through 2951, enter 5512-X for VPN, go to FirePower and then to the core network.
- AnyConnect Clients will pass through 2951, enter 5515-X for VPN, go to FirePower and then to the core network.
Wondering if anyone else has completed a similar setup and any issues you may have run into.
Basic diagram attached.
Thanks!