
VPN in multicontext with Firewall

S891
Level 2

I am planning to set up a site-to-site VPN on an ASA 5555-X. The VPN will be in one context and the firewall will be in another context. Can the traffic that terminates on the VPN be passed through a firewall rule?


Can the traffic that terminates on the VPN be passed through a firewall rule?

Which firewall rule are you talking about here? By default, VPN traffic will not be filtered by interface firewall rules that are configured on the interface where the VPN is terminated. If this VPN traffic is routed to the firewall context, then that traffic will be filtered by the rules.

So if you have the following logical setup:

internet --- firewall context --- VPN context --- firewall context

then encrypted VPN traffic will pass the firewall context first and terminate on the VPN context. It will then be routed back to the firewall context (on a different interface, preferably) and filtered by the access rules on that interface.

--

Please remember to select a correct answer and rate helpful posts
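
An added configuration sketch of the two filtering points described in the reply above, written for the firewall context. It is not part of the original thread, and every interface name, ACL name and address in it is a constructed placeholder.

```cisco
! ---- firewall context (all names and addresses are placeholders) ----
!
! Leg 1: encrypted traffic from the remote peer (203.0.113.1) crosses the
! firewall context on its way to the VPN context's outside address
! (192.0.2.10). Only IKE, NAT-T and ESP from that one peer are allowed.
access-list OUTSIDE_IN extended permit udp host 203.0.113.1 host 192.0.2.10 eq isakmp
access-list OUTSIDE_IN extended permit udp host 203.0.113.1 host 192.0.2.10 eq 4500
access-list OUTSIDE_IN extended permit esp host 203.0.113.1 host 192.0.2.10
access-group OUTSIDE_IN in interface outside
!
! Leg 2: after decryption the VPN context routes the cleartext traffic back
! into the firewall context on a separate interface (nameif vpn-clear).
! This ACL is where the remote site's traffic is actually filtered.
! 10.20.0.0/24 = remote site LAN, 10.10.1.25 = internal server (placeholders).
access-list VPN_CLEAR_IN extended permit tcp 10.20.0.0 255.255.255.0 host 10.10.1.25 eq https
access-list VPN_CLEAR_IN extended deny ip any any log
access-group VPN_CLEAR_IN in interface vpn-clear
```

Running `show access-list VPN_CLEAR_IN` in the firewall context shows hit counts per entry, which confirms that decrypted traffic is reaching these rules.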
