We are looking at redesigning our current infrastructure, currently we have a Cisco 3060 concentrator that terminates all client and site-2-site tunnels and all traffic is directed to our corporate dmz interface (firewall) for the next hop. All extranet traffic flows though our existing extranet interface on our coroprate Firewall.
What we want to do today is possibly use a Cisco 5540+ to terminate all Site-2-Site tunnels and our normal extrnet traffic. I am use to a Cisco asa 5510 which only had one public interface and several inside interfaces. Does the Cisco ASA 5540 give you the ability to have server external interfaces and several internal interfaces? Example all our VPN traffic would terminate to our DMZ interface internally and all our extranet traffic our terminate to a different interface rather then haveing them all terminate on the same interface?
I dont know if i understood you right but I guess you want have more than one public interface. The big problem you will get in is that you can not have more than one default gateway in your ASA, so if the IP address of all the s-2-s vpns are static and the clients are dynamic you can set the static routes for the interface where the s2s will come and leave the default for the one with c2s. If both of them are dynamic i guess there is no way to do it.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :