I am working on a project having 14 sites. The design would be hub and spoke, and we will make VPNs for site-to-site connectivity.
Now I need to know about the design:
1. CME router ---> Firewall ---> Internet
2. Firewall ---> CME router ---> Internet
The ASA will be doing VPN termination. I know the firewall doesn't support GRE and DMVPN. So how can I do hub and spoke?
Are you committed to using ASAs? I would personally stick with the CME router and use DMVPN.
Perhaps at the head office you can use both, but I'd put them side by side, not one behind the other.
Thanks for the help.
Here a question arises: there will be some burden of call processing on the CME router, so why use it if we have a dedicated device for that purpose and all sites have an ASA 5512X?
So my questions are:
1. If I use CME, do I have to buy a security license and VPN ISM?
If yes, then my company won't let me do this because they have already bought all the material.
2. Is there no support for hub and spoke in the ASA at all?
If yes, then what if I place the firewall on the edge, make DMVPN or GRE on the CME, and let the firewall do the encryption for that purpose? Is that possible?
3. There are also some clients who will be doing their work remotely, so I will be doing SSL client as well. So is it possible if I place my router on the edge doing NAT and the firewall responding to SSL? Which ports do I need to forward then?
So what do you suggest?
Yup, you're right, plain text packets...
Is there a way that I do mGRE on the router behind the firewall and the firewall does IPsec for interested traffic?
Okay, thanks for helping me clear up my points. Now what do you suggest? 2951 CME and 5512 ASA with FirePOWER... We need both centralized and remote access features.
So if you suggest anything, it will be appreciated.