I currently have my vpn users on a pix515e config over ipsec terminating on my outside int. I am ordering a asa 5510 as i need another firewall for a smaller location and decided to just upgrade here and move this one, there!
my question. how does the asa work? i would REALLY like to have my vpn users on an entirely separate vlan so that i may assign an entire 254 address as a pool. currently i have to pick and choose for the pool which often runs out. how does work? does the asa use interfaces basically the same way the pix does? i was told before to "terminate my vpn on my dmz", not sure i understand that. i want my users to be able to access the internet through me, currently they are cut off from the net altogether as i refuse to do split tunnel. could someone give me some guidance?
also...other than making sure the interfaces align, can i use the pix config on the asa?
I understand the overlapping deal, this is why I want to change it. I was handed this network and realize this is not a good thing to have, but do not know exactly how to change it. So basically I just need to assign a pool of addresses to vpn users and route them how? how does my internal network know to allow these users access to local resources?
providing the inside net is directly connected to the asa, and there is no other wan link/router as a default gateway, then no configuration will be required for routing.
internet <--> asa <--> inside
internet <--> asa <--> dmz
with the simple topology above, no configuration will be required. one of the reason being the default gateway for all host would be asa.
internet <--> asa <--> inside <--> wan router <--> branch offices
with this topology, the default gateway of all host would be the wan router, thus either the wan router has the asa as the default gateway; or a static route for the vpn client pool has the asa as the next hop.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...