Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Site2Site VPN using ASA5510 Design Question

Unanswered Question
Apr 9th, 2009
User Badges:

I'm a service provider with equipment servers, etc... in a colo location. Our customers want to establish site2site VPN tunnels to the colo location.

I need to segment customers into different networks using VLANs that are in the DMZ. Is the ASA 5510 using IPSec the best for this kind of deployment?

I will have a pair of ASAs for hot failover. Licensing cost? if you know please indicate that as well.

I don't know what VPN products they are using. I assume ASA would not have problem with interoperability.

Please advise if this design is feasible.

If you can point to me to technical reference for this design and configuration, that would be fabulous.

I include the network diagram for clarification. Please advise.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
smalkeric Wed, 04/15/2009 - 04:59
User Badges:
  • Silver, 250 points or more

You can configure IPSEC for your network. The below URL explains about Multiple VPN Group Clients to use Different VLANs after Connecting to a Security Appliance with an example.


A license specifies the options that are enabled on a given security appliance. It is represented by an activation key which is a 160-bit (5 32-bit words or 20 bytes) value. This value encodes the serial number (an 11 character string) and the enabled features. Feature licenses cannot be transferred between devices (except in the case of a hardware failure). Once purchased, you cannot return a license for a refund or for an upgraded license.


This Discussion