10-15-2009 08:26 AM
I have a Windows server that runs a network monitoring tool that I need to monitor devices behind a few ASAs. Is there a way I can set up VPN connections to each firewall that will stay up like a site-to-site connection? This will need to be done in a way that is autonomous in case of a network outage or firewall/server reboot.
10-15-2009 01:44 PM
I would suggest you use a router/ASA/PIX which is in front of the Windows server to set up the VPN connection.
10-18-2009 12:24 PM
Yes, in theory you can configure L2L tunnels between Windows and an ASA.
On the ASA side you configure it just like any other L2L tunnel.
For the Windows side, check the Microsoft documentation (e.g. http://support.microsoft.com/kb/816514).
In practice however there is an interoperability issue:
CSCtb98095 L2L tunnel to Microsoft Windows interrupted at 75% of ISAKMP lifetime
Like my colleague above, I would personally recommend terminating the tunnels on a (small) router or firewall in front of the Windows host, or on an existing router/firewall close to it.
hth
Herbert