Beginner

ASA VPN Question

Right now I am trying my best to get a VPN configured and working; this is my first attempt and I am also new to Cisco products.  I have attached a copy of my network diagram to help show what I have and how it is laid out.  The way I have things running now is that my first ASA is configured on for firewall and security.  I have that going directly into my Cisco router, and the router handles the DHCP, DNS, and so on.  I have an extra ASA; can I configure that one to act as the VPN access to my network, so I don't have to mess with my primary one?

Home_Network(2).jpg

5 REPLIES 5
Beginner

Re: ASA VPN Question

You could set the second ASA up to terminate your VPN connections, but it may be more resilient to cluster your spare ASA with the primary and have that device do both VPN & Firewall. This way your VPN concentrator & firewall will be protected in case of equipment failure. Another option may be to terminate VPN at the 3660 depending on what version of code that runs.

Beginner

Re: ASA VPN Question

I like the cluster idea...but how would I do that?  I am new to all this, mainly learning as I go....would you be willing to assist in the setup of the second ASA?

Cisco Employee

Re: ASA VPN Question

Hi Jonathan,

You can have the 2 ASAs in a cluster or Primary/Secondary formation, so that you would have a failover mechanism. The following link provides you with complete details of such a configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

This link provides you with configuration of VPN on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/sitvpn.html

Now if you configure for cluster configuration, you only need to configure for VPN and firewall on one of the ASAs (primary) and it would be replicated to the other ASA (standby). The 1st link given above will provide you with complete details.

Let me know if this helps,

Cheers,

Rudresh V

Beginner

Re: ASA VPN Question

Any idea if I have basic license for both ASAs....failover is disabled......on both of mine....

Cisco Employee

Re: ASA VPN Question

Hi Jonathan,

Here are the license requirements for Active/Standby configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#req

License requirements for Active/Active failover configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req

Let me know if this answers your question,

Cheers,

Rudresh V