I'm getting ready to move our VPN connections from the VPN Concentrator to our ASA, which is also our internet firewall. My question is, does it make sense to connect one of the ASA's unused ports to the DMZ and use that as the VPN port, or just configure VPN to come in to the outside interface (which is already plugged in to the DMZ anyway)? My thought was to plug in a new port with a new IP to keep VPN traffic separate from other internet traffic.
Then you need to set up the VPN and use the secondary interface for the VPN, and give the VPN client the secondary public IP address. In this case the VPN inbound and communication will be through the secondary ISP (interface), while other traffic like outbound internet will normally be through the primary, and if the primary goes down will be through the secondary.
Well, my question actually was to separate only VPN traffic to a different interface. I have a /24 block of IPs from our ISP, so this second interface would still go through the same ISP but have a different IP address. Then I'd set up DNS to point to that IP for VPN only. All outbound internet traffic (and other inbound traffic like mail) would still go through the other primary interface.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...