We're setting up a lab environment for a fictive case and have to show a prototype. We want to know if the following is possible.
The following hardware is available:
1x ASA 5510 with an SSM-10 module
2x Catalyst 2960 series
2x 2800 series
1x HP Proliant DL 360G7 (ESXi 5.1 machine) with 4 NICs
1x Zywall 5
- We want to accomplish that users are able to (SSL and IPsec) VPN into the ASA and the ASA puts the VPN users into the 10.1.4.x range.
- Also setting up a branch which uses the Zywall 5 to make a site-to-site connection with the ASA. Puts it into the 10.1.4.x range.
- ESX has a couple of machines with different functions in different subnets. (Routes will be made in the FW.) Machines in different subnets was a requirement.
- AD (10.1.1.x)
- mailserver (10.1.3.x)
- database (10.1.2.x)
- user desktops (10.1.5.x)
DMZ contains: (Dual firewall, ASA is outer and a 2800 is inner to connect to LAN)
Branch will have Zywall 5 with 10.2.x.x internal LAN ranges.
a laptop for testing purposes
See attached image for clarification.
Would this VPN be possible (WITHOUT 2 ASAs, one in each location. So 1 ASA and a Zywall 5)?
Also, is this the correct placement for the ASA with IDS?