I'd like to add a Cisco ASA 5510 to the existing firewall and network topology to have Cisco RAS VPN access as well.
I don't want to use it as a firewall when not necessary, but only for RAS access. I cannot imagine right now where in the network it should be placed.
The existing topology has a firewall including a DMZ; the firewall's internal interface serves as the default gateway for the internal network, as usual.
Sorry for the basic question, but Cisco is brand new for me. Last time I tested CP Connectra for that, it just sat in the DMZ with one (DMZ) public IP.
Does the ASA allow the same?
There are a couple of scenarios you can configure:
1) The VPN server outside interface is in parallel with your current firewall outside interface, and the VPN server inside interface connects to your firewall DMZ interface. So VPN traffic will terminate on the VPN server outside interface, get decrypted, and connect to the firewall DMZ interface, which then routes it towards the firewall internal network.
2) The VPN server outside interface is connected to the firewall DMZ interface, and the VPN server inside interface is connected in the same VLAN as your firewall inside interface. This will only work if your internal LAN is connected to a router/layer 3 switch, so the router can be configured with routes for the remote VPN LAN and VPN Client IP pool subnets to be routed towards the VPN server inside interface, while keeping the default gateway towards the firewall inside interface.
Hope that helps.
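
The routing requirement in scenario 2, as an added example that is not part of the original posts: a longest-prefix-match check that tells whether replies to VPN clients go back to the VPN server inside interface or follow the default route to the firewall. All addresses and names (`FW_INSIDE`, `ASA_INSIDE`, `VPN_POOL`, `REMOTE_LAN`) are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread)
FW_INSIDE = "10.0.0.1"           # existing firewall inside interface
ASA_INSIDE = "10.0.0.2"          # VPN server inside interface, same VLAN
VPN_POOL = "10.99.0.0/24"        # VPN client IP pool
REMOTE_LAN = "192.168.50.0/24"   # remote VPN LAN

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def returns_via_asa(routes, vpn_prefix, asa_inside=ASA_INSIDE):
    """True only if every address in vpn_prefix is routed to the VPN server."""
    vpn = ipaddress.ip_network(vpn_prefix)
    parsed = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    covering = [r for r in parsed if vpn.subnet_of(r[0])]
    if not covering:
        return False
    best_hop = max(covering, key=lambda r: r[0].prefixlen)[1]
    # A more specific route inside the prefix could divert part of it.
    diverted = any(n != vpn and n.subnet_of(vpn) and hop != asa_inside
                   for n, hop in parsed)
    return best_hop == asa_inside and not diverted

# Internal hosts that only know the firewall as default gateway.
HOST_ONLY_DEFAULT = [("0.0.0.0/0", FW_INSIDE)]
# Router/layer 3 switch with the extra routes described in scenario 2.
L3_SWITCH = [("0.0.0.0/0", FW_INSIDE),
             (VPN_POOL, ASA_INSIDE),
             (REMOTE_LAN, ASA_INSIDE)]

def audit(routes):
    """Map each VPN prefix to whether its return path uses the VPN server."""
    return {p: returns_via_asa(routes, p) for p in (VPN_POOL, REMOTE_LAN)}

if __name__ == "__main__":
    for name, table in (("default only", HOST_ONLY_DEFAULT),
                        ("L3 switch", L3_SWITCH)):
        print(name, audit(table))
```

A `False` entry means return traffic for that prefix leaves via the firewall inside interface rather than the VPN server, which is the asymmetric path the extra routes in scenario 2 are there to prevent.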