
router vpn interface

alan-wong
Level 1

Hi,

I usually use a Cisco ASA to connect site-to-site VPNs. The outside Eth0/0 interface I usually use for the public internet static IP, and Eth0/1 to connect the internal network.

For routers, I have seen a lot of examples on the web. They usually use FE0/1 for the public internet static IP, for both site-to-site VPN connection points, and FE0/0 for the internal network. Could you tell me why? My concept is that the outside interface, FE0/0, must be used for the public IP address because of the lower security level. Please help to explain. Thank you.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

The interface ID doesn't have anything to do with the interface's security on its own. On an ASA the "security-level" is used to define which is the least secure interface (the one facing Internet), not the port ID.

You are free to use any physical interface on a Cisco Router or ASA for whatever purpose you want.

Most people tend to use the port with the ID 0/0 for "outside" and the others for local network connections.

There is nothing stopping you from using something different.

- Jouni
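
The ASA point in the answer above can be checked against a configuration rather than assumed from port numbering. The following is an added example, not part of the original reply: a small audit that reads ASA interface stanzas and reports the least-trusted interface from its `security-level`. The sample configuration is constructed, and the function names `parse_interfaces` and `least_trusted` are hypothetical.

```python
import re

# Constructed sample: "outside" deliberately sits on Ethernet0/1, not 0/0.
SAMPLE_ASA_CONFIG = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
!
"""

def parse_interfaces(config):
    """Return {port_id: {"nameif": ..., "level": ...}} for each interface stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), {"nameif": None, "level": None})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if len(words) == 2 and words[0] == "nameif":
                current["nameif"] = words[1]
            elif len(words) == 2 and words[0] == "security-level":
                current["level"] = int(words[1])
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def least_trusted(config):
    """Ports holding the lowest configured security-level; unnamed ports are skipped."""
    levels = {port: info["level"] for port, info in parse_interfaces(config).items()
              if info["nameif"] and info["level"] is not None}
    if not levels:
        return []
    lowest = min(levels.values())
    return sorted(port for port, level in levels.items() if level == lowest)

if __name__ == "__main__":
    print(least_trusted(SAMPLE_ASA_CONFIG))
```

More than one port in the result means several interfaces share the lowest level, which is worth reviewing before relying on any one of them as the Internet-facing side.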
