I would like to set up a host-to-net VPN on my dual ASA 5520s. I want to put the VPN traffic on a separate VLAN. I attached a diagram to show what I would like to do. Because I'm using an inline Barracuda web filter, I can't send VLAN trunks through the inside interface. So I guess I would have to utilize a separate interface that would send the VPN VLAN around the Barracuda. How can I route traffic this way?
My main server VLAN is 192.168.0.0/24, which also has the inside interface of the ASA on it. I would like to have the VPN on VLAN 60 (192.168.60.0/24) and force the traffic from the ASA, around the Barracuda, and to the switch stack for routing.
Basically, I want VPN sessions to be filtered by the Barracuda unit, just like everyone is at the office. I want incoming VPN sessions to go through a separate interface back to my switch stack and then follow the same path as everyone else out to the Internet for web browsing. I'm assuming that this will involve ACLs on the ASA interfaces.
What is the best way to go about this? Thanks.
-Nick