How to make FWSM work with ASA 5505 VPN

Unanswered Question
Aug 16th, 2009
User Badges:

hi, sorry to bother you guys on such a 'silly' question. I'm kind of new on network. here is my problem.

My logical network toplogy is like this: ISP-->FWSM on Cisco 6500-->F5-->Cisco 6500 switch. FWSM is working in transparetn mode. The static IP from ISP is allocated to F5. Now I'm required to deploy IPsec VPN with ASA 5505.

so, my question is that where I should setup this ASA 5505. I know the classic scenario is to allocate the static IP from ISP to ASA 5505, but in my case, it's been given to F5. How could i make it happen?

thanks a lot, guys

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Personally, I would have the ASA either before or in-line with the FWSM. If your license for the FWSM can allow you more than one context (not sure if you get more than 2 on a normal licence) then have your current context transparent, then creat another one for your VPN solution.

If multiple contexts are not for you - then I would place the ASA before the FWSM, and create specific vlans- depends on the ASA model and interfaces (not counting the trunking function)



ciscobonze Sun, 08/16/2009 - 21:45
User Badges:

Andrew, very grateful for your information.

Yes, we're able to do multiple contexts. So 'in-line' might be my choice. If I create a new context, how can i deal with the ingress interface? My ISP interface is already given to the existing context...

Is there any document that might help me out? thanks so much~

ciscobonze Mon, 08/17/2009 - 04:55
User Badges:

sorry i didn't make it clear. My FWSM IS running in transprant mode, and the IP from ISP is not assigned to FWSM interface, but F5 Big-IP. I'll read the document you recommended, and any suggestion is appreciated.


This Discussion