ASA VPN network design

Unanswered Question
JORGE RODRIGUEZ Sun, 01/11/2009 - 11:36
User Badges:
  • Green, 3000 points or more

Think of VPN design discribed in your great links as a concept/guideline that can also be applied to ASA5500 appliences

in your infrastructure internet EDGE-parameter when using VPN technologies.

There are very common design examples in this link for ASA appiences

L2TP over IPSec

Remote Access VPN

Easy VPN


Site to Site VPN (L2L) with ASA

Site to Site VPN (L2L) with IOS

Site to Site VPN (L2L) with VPN3000

VPN with Non-Cisco Devices


cscbrannent Sun, 01/11/2009 - 13:32
User Badges:

We have our ASA's in vpn load balanced design, parallel to our firewall terminating SSL VPN sessions with an RSA Authentication server providing user authentication via RADIUS.

All the VPN clients get their own IP address from a pool configured on the ASA and then we use ACL's to permit access from the vpn net to the inside nets. We can granularly control access if we so desire.

Hope this helps.


This Discussion