10-10-2010 09:28 AM
Right now I am trying my best to get a VPN configured and working. This is my first attempt and I am also new to Cisco products. I have attached a copy of my network diagram to help show what I have and how it is laid out. The way I have things running now is that my first ASA is configured on for firewall and security. I have that going directly into my Cisco Router, and the router handles the DHCP, DNS, and so on. I have an extra ASA; can I configure that one to act as the VPN access to my network, so I don't have to mess with my primary one?
10-10-2010 12:43 PM
You could set the second ASA up to terminate your VPN connections, but it may be more resilient to cluster your spare ASA with the primary and have that device do both VPN & Firewall. This way your VPN concentrator & firewall will be protected in case of equipment failure. Another option may be to terminate VPN at the 3660 depending on what version of code that runs.
10-10-2010 01:31 PM
I like the cluster idea...but how would I do that? I am new to all this, mainly learning as I go....would you be willing to assist in the setup of the second ASA?
10-10-2010 02:18 PM
Hi Jonathan,
You can have the 2 ASAs in a cluster or Primary/Secondary formation, so that you would have a failover mechanism. The following link provides you with complete details of such a configuration:
This link provides you with configuration of VPN on the ASA:
http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/sitvpn.html
Now if you configure for cluster configuration, you only need to configure for VPN and firewall on one of the ASAs (primary) and it would be replicated to the other ASA (standby). The 1st link given above will provide you with complete details.
Let me know if this helps,
Cheers,
Rudresh V
10-11-2010 08:46 AM
Any idea if I have basic license for both ASAs....failover is disabled......on both of mine....
10-11-2010 09:09 AM
Hi Jonathan,
Here are the license requirements for Active/Standby configuration:
License requirements for Active/Active failover configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req
Let me know if this answers your question,
Cheers,
Rudresh V