Active/Active ASA remote VPN access limitations.

Mahmoud Nossair
Level 1

Hi Experts

We have an Active/Active ASA 5520 setup. As far as I know, in an Active/Active setup there is no remote VPN access. So how could I overcome this limitation?

I have a solution, but I don't know if it is applicable or not. We have a spare ASA 5510, so I can use it behind the Active/Active firewalls, assign a public static NAT IP address to it, open all IPsec and VPN ports, and let the remote users connect to it. Is this an applicable setup or not? Please advise.

Thanks in advance

1 Reply

Sure, I think you could do that. NAT will be a little tricky on post-8.2 code, however. The other option I can think of (we did this one time) is if you have enough static IPs with your ISP provider you could use a second interface off your edge router. Put a static pointing to your 5510, then just connect the 5510 back to your core. VPN connections would bypass the 5520 pair and terminate on the 5510. In my opinion, that would be an easier setup and avoid tricky NAT configs. It would probably also prove to be a little 'faster' for your remote users.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.
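
The first option discussed in this thread (publishing the 5510 through the 5520 pair with a static NAT), sketched as an added example that is not part of either post. It shows the same rule set in pre-8.3 and 8.3+ syntax, since the NAT and ACL semantics changed after 8.2. Assumptions: the interface names `dmz` and `outside`, the ACL name `OUTSIDE_IN`, the object name `VPN-5510` and all addresses are constructed placeholders, and the commands go in the 5520 security context that owns the outside interface.

```cisco
! Added example. Names and addresses are constructed placeholders:
!   10.0.50.10   = real address of the 5510 behind the 5520 pair
!   203.0.113.10 = public address published for it (documentation range)
! Only the IPsec remote-access protocols are permitted, and only to the
! single published host, rather than a blanket "permit ip any".

! ---- ASA 8.2 and earlier ----
static (dmz,outside) 203.0.113.10 10.0.50.10 netmask 255.255.255.255
! Pre-8.3 interface ACLs match the translated (public) address.
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq 4500
access-list OUTSIDE_IN extended permit esp any host 203.0.113.10
access-group OUTSIDE_IN in interface outside

! ---- ASA 8.3 and later ----
object network VPN-5510
 host 10.0.50.10
 nat (dmz,outside) static 203.0.113.10
! From 8.3 on, interface ACLs match the real (pre-NAT) address.
access-list OUTSIDE_IN extended permit udp any object VPN-5510 eq isakmp
access-list OUTSIDE_IN extended permit udp any object VPN-5510 eq 4500
access-list OUTSIDE_IN extended permit esp any object VPN-5510
access-group OUTSIDE_IN in interface outside

! If SSL VPN is also terminated on the 5510, one more entry is needed:
!   permit tcp any <5510 address as above> eq https
```

After an upgrade across the 8.2/8.3 boundary, an ACL that still references the public address no longer matches, which is one common form of the NAT trouble mentioned in the reply.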