
VPN configuration for two pairs of firewalls

alitster
Level 1

Hi,

We have two pairs of ASA 5520s, one sitting in front of the other, to create a DMZ and a Secure zone for our database servers. What is the normal practice for allowing VPN access to the Secure zone when it is behind two sets of firewalls? Do you allow VPN traffic to pass through the first set of firewalls and terminate the VPN connection on the second set of firewalls?

Many Thanks,

Alan

2 Replies

chetankamra
Level 1

Hi,

I think you have to open IPsec in and out interfaces to bypass IPsec tunnel.

Ck

pmajumder
Level 3

Hello Alan,

It will depend on our org's security policy. In our case (we also have 2 sets of firewalls) we terminate our VPN connections (both RA and L2L) on the outside interface of the front set of routers.

You can consider terminating it on the inside or DMZ interface of the outside set, but remember that if you terminate a tunnel on an interface other than the 1st outside one then you won't know what kind of traffic is coming through, and you will thus lose the capability of controlling that traffic at the very edge.

Regards

Pradeep
