We are currently planning to add a perimeter firewall (Cisco ASA). We have a concern about the IPSEC tunnel currently established on the existing firewall (Cisco ASA).
Below is a simple representation of the current setup and the future setup:
External site -> Internet -> Cisco ASA -> Internal network
External site -> Internet -> Cisco ASA -> Cisco ASA -> Internal network
( IPSEC Tunnel )
Both the new firewall and the existing firewall will have public IPs. We will configure an access list to allow IPSEC on the new perimeter firewall and exclude the current firewall's external IP from PAT.
Is there anything we need to take care of?