Hopefully a nice simple question for someone.
I have a small network office with network range 192.168.1.0/24. It currently has a basic setup of router -> firewall -> switches, and I'd like to keep the network as simple as possible.
The router is a 1800 series, but the firewall is another brand. The local default gateway is on the inside of the currently in place firewalls, but I would like to add a Cisco ASA to the existing setup for terminating my VPNs on.
I would like this ASA to have the outside interface configured in the 192.168.1.0/24 and NAT that address on the Cisco router. I will then add a route on the currently in place firewalls to send any traffic I want to go over my VPNs to the outside interface of my ASA, which will then route it back out of the outside interface over the VPN.
Essentially, what I'm asking is, can I just configure the outside interface, stick "same-security-traffic permit intra-interface" on there, and configure my VPNs as usual?
Just seems a bit strange to me not having any of the other interfaces configured and just patching in the outside interface... but this may be completely usual.
Thanks in advance.
Just make sure you have the same security permit intra interface configured to allow the ASA to redirect traffic back out the same interface in which it received it.
The tunnel should work just fine.
Let me know if you have any problems.
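
A single-interface ASA configuration for the setup discussed in this thread, added here as an example and not posted by either participant. It assumes ASA 8.4 or later IKEv1 syntax; the physical interface, the .250 and .1 addresses, the peer 203.0.113.10, the remote network 10.20.0.0/24, the object names and the key are all placeholders.

```cisco
! Added example: one-armed ASA used only as a site-to-site VPN terminator.
! All addresses, names and the key below are placeholders, not values from the thread.

! The only configured data interface, placed in the existing LAN range
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.1.250 255.255.255.0
 no shutdown

! Allow traffic to enter and leave through the same interface (hairpin)
same-security-traffic permit intra-interface

! Default route toward the device that NATs the ASA to a public address (assumed .1)
route outside 0.0.0.0 0.0.0.0 192.168.1.1

! Interesting traffic: local LAN to the remote site (remote range is a placeholder)
access-list VPN-SITE-A extended permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0

! Phase 1
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 lifetime 86400
crypto ikev1 enable outside

! Phase 2 and the crypto map bound to the outside interface
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-SITE-A
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! Peer definition; replace the key placeholder with a long random secret
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-PRE-SHARED-KEY>
```

`show crypto ikev1 sa` and `show crypto ipsec sa` confirm that both phases came up and that the encaps/decaps counters increase for the hairpinned traffic.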