Hi,
I need a little sanity check please. I want to consolidate two PIXes onto a single ASA. Each PIX currently has an IPsec VPN that terminates on the same remote peer (our ePoP VPN router).
The plan is to have interesting traffic for both local subnets added to the crypto ACL.
Currently working is:
PIX-1 10.10.10.10 --> (inside interface) --> 1.1.1.1 (outside interface) --> edge router --> WAN --> 5.5.5.5 (VPN router) --> Internet
Crypto ACL:
access-list 10 permit ip 10.10.10.0 255.255.255.0 any
PIX-2 20.20.20.20 --> (inside interface) --> 1.1.1.2 (outside interface) --> edge router --> WAN --> 5.5.5.5 (VPN router) --> Internet
Crypto ACL:
access-list 20 permit ip 20.20.10.0 255.255.255.0 any
I want to do:
ASA-1 10.10.10.10 --> (DMZ-1 interface) --> 1.1.1.1 (outside interface) --> edge router --> WAN --> 5.5.5.5 (VPN router) --> Internet
ASA-1 20.20.20.20 --> (DMZ-2 interface) --> 1.1.1.1 (outside interface) --> edge router --> WAN --> 5.5.5.5 (VPN router) --> Internet
Crypto ACL:
access-list 10 permit ip 10.10.10.0 255.255.255.0 any
access-list 20 permit ip 20.20.10.0 255.255.255.0 any
Does anyone see any challenges with this?
Thanks, Dave