
ASA for remote access VPN

the-lebowski
Level 4

I already use a Netscreen for my site-to-site VPNs and I would like to implement an ASA to handle the remote access client VPNs.

Has anyone done this before? If so, how would I go about doing it? Hang the ASA off one of my Netscreen ports?

4 Replies

Hi,

Where to connect it depends on your layout.

The ASA can definitely be used to terminate VPN remote access IPsec connections.

Hope this link will help you, let us know if you have any questions:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Federico.

Thanks, Federico.

Assume my layout is this:

Internet <------> Netscreen FW <------> Core Switch-router <------> LAN.

Your thoughts?

Are you going to use the ASA for anything else besides terminating the remote access VPNs?

For terminating VPN connections you can position the ASA either in front of, in parallel with (if you have a switch), or behind the Netscreen FW.

It depends on who has the public IP address and on the functions that are going to be performed by the ASA and the Netscreen.

Federico.

No, solely for terminating remote access VPNs.

I have a switch in between my FW and my edge modem, and I also have public IPs that I can use for the outside interface. Netscreen should be the entry point for all NON remote access traffic. ASA should be the entry point for remote access traffic and should go through the Netscreen. So in front or parallel should work without fail.

If it were behind it, I would tunnel all dial-up VPN traffic through FW to ASA. I would rather tunnel remote access VPN through FW and set policies there to allow/deny traffic. Would that work?
