Cisco Support Community

New Member

Remote Access VPN on Perimeter Firewall

Hi,

We have a pair of ASA 5520 as our commercial web portal perimeter firewall. Is it feasible to configure remote access VPN (for remote management) on the same set of firewalls, or is it better to use a separate firewall for this purpose?

Would there be any performance degradation...(max would be 5 users at any point in time).

3 REPLIES

Re: Remote Access VPN on Perimeter Firewall

Yes, you can. When you say remote management, are you referring to management of the firewall? If so, you have many other options if it is just for remote management of the firewall.

1- You can configure RA VPN and manage the firewall or any other resources inside your network.

or

2- If it is just for firewall management and nothing else you can simply allow the access from source IP and destination of the firewall outside interface.

For example, if user1 has a public IP of 20.20.20.20, you can allow management to the firewall exclusively from that IP as:

This scenario would be for a user who has a permanent static IP; I would not recommend this scenario if the user changes public IP. The downside in this is that the user is bound to manage the firewall from only that IP address, as opposed to using Cisco VPN client RA.

asa(config)#http 20.20.20.20 255.255.255.255 outside

asa(config)#ssh 20.20.20.20 255.255.255.255 outside

or

3- You can configure SSL WebVPN for those users; there is no client needed to be installed on the 5 users' machines. Through SSL WebVPN you can then allow them access to any system to manage the firewall. This scenario provides better mobility, as SSL VPN just requires a web browser that supports SSL, which most browsers do.

Would there be any performance degradation...(max would be 5 users at any point in time).

NO

Regards
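
An added illustration of option 2 above (not part of the original reply, and not Cisco code): a Python check that reads `http`/`ssh` management lines in the form shown in the reply and reports any on the outside interface whose source is wider than a single host. The function name `audit_mgmt_access` and the sample configuration are constructed for this example.

```python
import ipaddress

# The two management commands shown in the reply above.
MGMT_COMMANDS = {"http", "ssh"}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
http server enable
http 20.20.20.20 255.255.255.255 outside
ssh 20.20.20.20 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
http 203.0.113.0 255.255.255.0 outside
http 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""


def audit_mgmt_access(config_text, untrusted_if="outside", max_hosts=1):
    """Return (command, network, interface) for every http/ssh management
    rule on the untrusted interface that admits more than max_hosts sources."""
    findings = []
    for raw in config_text.splitlines():
        parts = raw.split()
        # Expected shape: <http|ssh> <source-ip> <netmask> <interface>
        if len(parts) != 4 or parts[0] not in MGMT_COMMANDS:
            continue
        cmd, addr, mask, ifname = parts
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # four-word line that is not an address/mask rule
        if ifname == untrusted_if and net.num_addresses > max_hosts:
            findings.append((cmd, str(net), ifname))
    return findings


if __name__ == "__main__":
    for cmd, net, ifname in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{cmd} management open to {net} on {ifname}")
```
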

New Member

Re: Remote Access VPN on Perimeter Firewall

Hi,

Can the servers and network devices be managed over SSL WebVPN? If so, how can it be achieved?

Thanks.

Re: Remote Access VPN on Perimeter Firewall

Through WebVPN you can access any systems inside your network that provide network management, whether web-based management apps or RDP to management stations; you can simply access those apps from within the WebVPN session. Perhaps with the AnyConnect SSL client you may be able to manage devices from the connected source. If you do need to directly manage a remote network, it is better to establish an L2L VPN to manage the remote network through a permanent IPsec tunnel.

Regards
