i'm going to be replacing my PIX's & Concentrator soon. Since they are separate boxes, they have separate public IP's. when i consolidate them down to an ASA 5520, should i use multiple interfaces for the public side or can i get away with just using 1? i need the VPN portion to terminate lan-2-lan tunnels as well as ipsec remote access. the firewall side is going to provide internet access for my users as well as NAT some devices. thanks
I see his point about configuration complexities with using a single design and the potentially more difficult troubleshooting in case you run into a problem. I will say that I just completed the same consolidation you're working on (PIX FW + VPNc to a dual ASA active/passive fail over), and I have so far had no problems with it. You get a MUCH higher VPN throughput with the ASA then the concentrator, and you can set up anyconnect on the ASA if you choose. I also like the ASA interface (both the ASDM and CLI) MUCH better then the concentrator (I get really frustrated that there is no cli in the vpnc).
I also had the same dilemma as you about going with a single outside interface or going with two, and I ended up going with a single interface. At this point I have several HW easyvpn clients, L2L and anyconnect VPN set up and it's working out great so far....really happy to be off that VPNc as you can probably tell. :)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...