Terminate Internet Link on an ASA?

ramkunta · ‎04-17-2013

Hi all,

I need a suggestion on something very basic. There is a requirement for having a Site-to-Site tunnel.

Instead of terminating internet connectvity on a cisco router and connecting router to an ASA firewall, can we terminate the internet connectivity directly on the Firewall and have a site-to-site tunnel? Will there be any disadvantages if we do this? Kindly help me understand.

Regards,

Ram

Richard Burts · ‎04-20-2013

Ram

There are several things to consider in trying to determine whether it will work to terminate the internet connection directly on the ASA. Perhaps one of the first considerations would be what type of interface is the internet connection. The ASA supports various types of Ethernet interface (depending on what model of ASA you use). If the internet connection is some type of Ethernet interface then the ASA may work. If the internet connection is some type of serial interface or is something like ADSL then the ASA may not work.

Another possible consideration is whether you want to do QoS inbound or outbound on the internet traffic. The tools for QoS are generally better on the router than they are on the ASA. Other things to consider are whether there is a single internet connection or multiple internet connections, and whether you will run a routing protocol with the internet provider.

Another aspect to consider is whether you want to terminate the site to site tunnel on the ASA or on the router. Depending on the model of router it is likely that both a router and the ASA are able to terminate site to site tunnels.

HTH

Rick

HTH

Rick