ASA 5540 VPN/EXtranet Traffic

vabruno · ‎06-18-2007

We are looking at redesigning our current infrastructure, currently we have a Cisco 3060 concentrator that terminates all client and site-2-site tunnels and all traffic is directed to our corporate dmz interface (firewall) for the next hop. All extranet traffic flows though our existing extranet interface on our coroprate Firewall.

What we want to do today is possibly use a Cisco 5540+ to terminate all Site-2-Site tunnels and our normal extrnet traffic. I am use to a Cisco asa 5510 which only had one public interface and several inside interfaces. Does the Cisco ASA 5540 give you the ability to have server external interfaces and several internal interfaces? Example all our VPN traffic would terminate to our DMZ interface internally and all our extranet traffic our terminate to a different interface rather then haveing them all terminate on the same interface?

guibarati · ‎06-18-2007

I dont know if i understood you right but I guess you want have more than one public interface. The big problem you will get in is that you can not have more than one default gateway in your ASA, so if the IP address of all the s-2-s vpns are static and the clients are dynamic you can set the static routes for the interface where the s2s will come and leave the default for the one with c2s. If both of them are dynamic i guess there is no way to do it.

vabruno · ‎06-18-2007

Thank for your response. I believe I was a bit confussed myself and may of not posted full details. I believe I have answered my own question.

Thank You...