Can it be done? Cisco ASA 5500 series Firewall L2L and client VPN question?

mdoldan
Level 1

I don't have a lab environment to test this out in and I was hoping I could get an expert opinion on this topic.

I want to privatize the outside interfaces of my ASA firewalls; however, I need a public IP address bound to an interface to support L2L and client VPN (using the Cisco client software). What I'd like to do is route to the firewall's privatized outside interface and have a DMZ interface with a public IP address on it for VPN peering. Ideally this would allow me to build rules on the outside interface limiting communication to the DMZ interface to IPsec only. Thus VPN tunnels would traverse the outside interface and terminate on the DMZ interface, giving me granular control of the peers and protocols allowed to the DMZ interface.

Can it be done?

Does Cisco support this configuration?

Platforms: ASA 5510, 5540, 5550, 5580

Versions: 7.2(4)33, 8.2(2) 

1 Reply

Yudong Wu
Level 7

To my knowledge, you cannot terminate VPN traffic on an interface that is not the interface where the VPN traffic comes into the ASA.