Remote Access VPN on Perimeter Firewall

Unanswered Question
Jun 6th, 2009
We have a pair of ASA 5520s as our commercial web portal perimeter firewall. Is it feasible to configure remote access VPN (for remote management) on the same set of firewalls, or is it better to use a separate firewall for this purpose?

Would there be any performance degradation? (Max would be 5 users at any point in time.)

JORGE RODRIGUEZ Sat, 06/06/2009 - 10:45

Yes, you can. When you say remote management, are you referring to management of the firewall? If so, you have many other options if it is just for remote management of the firewall.

1- You can configure RA VPN and manage the firewall or any other resources inside your network.


2- If it is just for firewall management and nothing else, you can simply allow the access from the source IP to the destination of the firewall outside interface.

For example, if user1 with a public IP of you can allow management to the firewall exclusively from that IP as:

This scenario would be for a user who has a permanent static IP; I would not recommend this scenario if the user changes public IP. The downside of this is that the user is bound to manage the firewall from that one IP address only, as opposed to using the Cisco VPN client RA.

asa(config)#http outside

asa(config)#ssh outside


3- You can configure SSL WebVPN for those users; there is no client that needs to be installed on the 5 users' machines. Through SSL WebVPN you can then allow them access to any system to manage the firewall. This scenario provides better mobility, as SSL VPN just requires a web browser that supports SSL, which most browsers do.

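An added configuration example (not from this thread or its authors) showing option 2 and option 3 side by side on a pre-8.4 ASA: management of the firewall itself locked to one static source IP, and a clientless WebVPN profile for the remote-management users whose reach is limited to a management subnet. All addresses, usernames and object names (203.0.113.10, 10.10.10.0/24, MGMT-*) are constructed placeholders, and the 8.x-era keyword `webvpn` for the tunnel protocol is assumed.

```text
! --- Option 2: manage the ASA only from one static public IP (constructed: 203.0.113.10) ---
http server enable
http 203.0.113.10 255.255.255.255 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh version 2
ssh timeout 10
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
username mgmtadmin password <set-a-strong-password> privilege 15

! --- Option 3: clientless SSL WebVPN on the same outside interface ---
! Webtype ACL: sessions may only reach the management subnet (constructed: 10.10.10.0/24)
! over HTTPS, SSH and RDP. Clientless sessions use "filter value", not "vpn-filter".
access-list MGMT-WEB webtype permit url https://10.10.10.0/24
access-list MGMT-WEB webtype permit tcp 10.10.10.0 255.255.255.0 eq 22
access-list MGMT-WEB webtype permit tcp 10.10.10.0 255.255.255.0 eq 3389
access-list MGMT-WEB webtype deny url any

group-policy MGMT-SSL-GP internal
group-policy MGMT-SSL-GP attributes
 vpn-tunnel-protocol webvpn
 vpn-simultaneous-logins 1
 vpn-idle-timeout 15
 webvpn
  filter value MGMT-WEB

tunnel-group MGMT-SSL type remote-access
tunnel-group MGMT-SSL general-attributes
 default-group-policy MGMT-SSL-GP
tunnel-group MGMT-SSL webvpn-attributes
 group-alias mgmt enable

webvpn
 enable outside
 tunnel-group-list enable

! Needed if VPN users are to reach the ASA's own inside interface for SSH/ASDM
management-access inside
```

With five users the session load is negligible; the part that matters is the webtype ACL and the simultaneous-login and idle-timeout limits, which keep a compromised browser session from becoming a path to the whole inside network.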
cisco_lite Sun, 06/07/2009 - 02:26
Can the servers and network devices be managed over SSL WebVPN? If so, how can it be achieved?


JORGE RODRIGUEZ Sun, 06/07/2009 - 15:48

Through WebVPN you can access any systems inside your network that provide network management, whether web-based management apps or RDP to management stations; you can simply access those apps from within the WebVPN session. Perhaps with the AnyConnect SSL client you may be able to manage devices from the connected source. If you do need to directly manage a remote network, it is better to establish a L2L VPN and manage the remote network through a permanent IPsec tunnel.
