ASA VPN network design

Unanswered Question
JORGE RODRIGUEZ Sun, 01/11/2009 - 11:36

Think of the VPN design described in your great links as a concept/guideline that can also be applied to ASA5500 appliances in your infrastructure internet EDGE-parameter when using VPN technologies.

There are very common design examples in this link for ASA appliances:

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

L2TP over IPSec

Remote Access VPN

Easy VPN

SSL VPN/Web VPN

Site to Site VPN (L2L) with ASA

Site to Site VPN (L2L) with IOS

Site to Site VPN (L2L) with VPN3000

VPN with Non-Cisco Devices

Regards

cscbrannent Sun, 01/11/2009 - 13:32

We have our ASAs in a VPN load-balanced design, parallel to our firewall terminating SSL VPN sessions with an RSA Authentication server providing user authentication via RADIUS.

All the VPN clients get their own IP address from a pool configured on the ASA and then we use ACLs to permit access from the VPN net to the inside nets. We can granularly control access if we so desire.

Hope this helps.
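
A sketch of how the pool, RADIUS authentication and ACL control described in the reply above can fit together on an ASA, added here as an illustration and not taken from the poster's configuration. All names, addresses and the shared-secret placeholder are constructed, and applying the ACL as a per-group `vpn-filter` is an assumption, since the thread does not say where the ACLs are applied. Load balancing is left out.

```cisco
! Constructed example: every name and address below is a placeholder.
!
! Address pool handed out to SSL VPN clients
ip local pool VPN-POOL 10.10.50.10-10.10.50.250 mask 255.255.255.0
!
! RADIUS server group pointing at the RSA authentication server
aaa-server RSA-RADIUS protocol radius
aaa-server RSA-RADIUS (inside) host 10.1.10.5
 key <shared-secret>
!
! Filter ACL: the VPN pool is the source, the inside resource is the destination.
! Permit only what this user group needs, then log everything else.
access-list VPN-USERS extended permit tcp 10.10.50.0 255.255.255.0 host 10.1.20.15 eq 443
access-list VPN-USERS extended permit tcp 10.10.50.0 255.255.255.0 10.1.30.0 255.255.255.0 eq 3389
access-list VPN-USERS extended deny ip any any log
!
! Group policy that binds the filter to VPN sessions
group-policy SSL-USERS internal
group-policy SSL-USERS attributes
 vpn-filter value VPN-USERS
!
! Tunnel group that ties pool, authentication and policy together
tunnel-group SSL-USERS type remote-access
tunnel-group SSL-USERS general-attributes
 address-pool VPN-POOL
 authentication-server-group RSA-RADIUS
 default-group-policy SSL-USERS
```

Separate group policies with their own filter ACLs give different user groups different reach into the inside networks, and the logged deny line shows what clients attempt beyond their grant.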
