Cisco Support Community

ASA for remote access VPN

I already use a Netscreen for my site-to-site VPNs and I would like to implement an ASA to handle the remote access client VPNs.

Has anyone done this before? If so, how would I go about doing it? Hang the ASA off one of my Netscreen ports?

4 REPLIES

Re: ASA for remote access VPN

Hi,

Where to connect it depends on your layout.

The ASA can definitely be used to terminate VPN remote access IPsec connections.

Hope this link will help you, let us know if you have any questions:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Federico.


Re: ASA for remote access VPN

Thanks, Federico.

Assume my layout is this:

Internet < ------ > Netscreen FW < ------ > Core Switch-router <------> LAN.

Your thoughts?

Re: ASA for remote access VPN

Are you going to use the ASA for anything else besides terminating the remote access VPNs?

For terminating VPN connections you can position the ASA either in front of, in parallel with (if you have a switch), or behind the Netscreen FW.

It depends on who has the public IP address and on the functions that are going to be performed by the ASA and the Netscreen.

Federico.


Re: ASA for remote access VPN

No, solely for terminating remote access VPNs.

I have a switch in between my FW and my edge modem, and I also have public IPs that I can use for the outside interface. The Netscreen should be the entry point for all NON remote access traffic. The ASA should be the entry point for remote access traffic and should go through the Netscreen. So in front or parallel should work without fail.

If it were behind it, I would tunnel all dial-up VPN traffic through the FW to the ASA. I would rather tunnel remote access VPN through the FW and set policies there to allow/deny traffic. Would that work?
