
Terminating VPN at ASA sitting behind 2911

Hi,

 

I'm planning to get a new ASA 5545 and place it behind the 2911, which has all access lists for the corporate.

As we need to expand site-to-site VPN and set up a proper DMZ, the ASA was considered one of the best options as a VPN termination point.

The issue is I've only got a couple of weeks to install the ASA, which is not enough time to transfer all access lists into the firewall and switch over.

I'm thinking of connecting the new ASA to one of the Gig ports on the 2911, assigning public IP addresses to the interfaces on the router and ASA, and then connecting one of the Gig ports to the core switch.

And then I'm thinking of terminating the VPN at the ASA.

 

Can someone please share some ideas on this? I'm not totally sure whether this scenario is plausible or not.

 

 

Cheers,

John

1 REPLY


Hi, 

The good way is to use Notepad: copy all of the router's ACLs, modify them there and paste them into the ASA.

On the other hand, if you want to install both, enable PAT on the router and permit the VPN traffic, redirecting it to the ASA: ESP, UDP 4500 and 500 (ISAKMP). It will save your 2 public IPs.

 

Regards,

kazim
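
A sketch of the second option from the reply above (PAT on the 2911 with IKE and NAT-T forwarded to the ASA), added here as an example and not taken from either poster's configuration. The interface roles, the ACL name `OUTSIDE-IN` and all addresses are assumptions: 203.0.113.2 stands for the router's public address, 10.255.0.2 for the ASA's outside interface, and 198.51.100.10 for one remote VPN peer.

```cisco
! Constructed addressing, documentation ranges only (assumption).
interface GigabitEthernet0/0
 description Outside (ISP)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 description Transit link to the ASA outside interface
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
!
! Static port forwards: IKE (UDP 500) and NAT-T (UDP 4500) go to the ASA.
! ESP (IP protocol 50) has no ports for PAT to key on; with the ASA behind
! PAT, NAT-T detection moves the IPsec payload into UDP 4500.
ip nat inside source static udp 10.255.0.2 500 interface GigabitEthernet0/0 500
ip nat inside source static udp 10.255.0.2 4500 interface GigabitEthernet0/0 4500
!
! The inbound ACL on the outside interface is evaluated before NAT, so it
! matches the router's public address. Permitting only known site-to-site
! peers keeps the ASA's IKE listener off the open Internet.
ip access-list extended OUTSIDE-IN
 remark Site-to-site VPN peers forwarded to the ASA
 permit udp host 198.51.100.10 host 203.0.113.2 eq isakmp
 permit udp host 198.51.100.10 host 203.0.113.2 eq non500-isakmp
 remark Existing corporate entries continue below
```

After applying it, `show ip nat translations` on the router should list the two static UDP entries, and hit counters in `show ip access-lists OUTSIDE-IN` confirm that the peer's IKE packets are reaching the permit lines.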
