Setup VPN using separate interfaces from ASA to L3 switch
I would like to set up a host-to-net VPN on my dual ASA 5520s. I want to put the VPN traffic on a separate VLAN. I attached a diagram to show what I would like to do. Because I'm using an inline Barracuda web filter I can't send VLAN trunks through the inside interface. So I guess I would have to utilize a separate interface that would send the VPN VLAN around the Barracuda. How can I route traffic this way?
My main server VLAN is 192.168.0.0/24, which also has the inside interface of the ASA on it. I would like to have the VPN on VLAN 60 (192.168.60.0/24) and force the traffic from the ASA around the Barracuda and to the switch stack for routing.
Basically, I want VPN sessions to be filtered by the Barracuda unit, just like everyone is at the office. I want incoming VPN sessions to go through a separate interface back to my switch stack and then follow the same path as everyone else out to the Internet for web browsing. I'm assuming that this will involve ACLs on the ASA interfaces.
Re: Setup VPN using separate interfaces from ASA to L3 switch
One way you may be able to achieve this is via VLAN mapping. You can trunk the second interface to the switch and configure a VLAN subinterface. You can then associate the VLAN with the VPN client group-policy. You could then configure a tunneled default route or more specific routes via this interface.
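The VLAN-mapping setup the reply describes, written out as an added example that is not from the thread or from Cisco's documentation; the interface names, the 192.168.61.0/24 client pool, the 192.168.60.254 switch SVI address and the group-policy/tunnel-group names are assumptions:

```cisco
! --- ASA 5520 (example configuration, names and addresses are assumed) ---
! Second physical interface trunked to the switch stack, bypassing the Barracuda
interface GigabitEthernet0/2
 no shutdown
!
! VLAN 60 subinterface; 192.168.60.1 is an assumed ASA address on that VLAN
interface GigabitEthernet0/2.60
 vlan 60
 nameif vpn-vlan
 security-level 50
 ip address 192.168.60.1 255.255.255.0
!
! Assumed client pool on its own subnet, so the ASA does not have to proxy-ARP
! for client addresses inside the VLAN 60 subnet
ip local pool VPN-POOL 192.168.61.10-192.168.61.100 mask 255.255.255.0
!
! Group policy: "vlan 60" is the VLAN-mapping step the reply refers to;
! decrypted client traffic is forced out the VLAN 60 subinterface
group-policy VPN-GP internal
group-policy VPN-GP attributes
 vlan 60
 address-pools value VPN-POOL
!
tunnel-group REMOTE-USERS type remote-access
tunnel-group REMOTE-USERS general-attributes
 default-group-policy VPN-GP
!
! Tunneled default route: applies only to traffic arriving from VPN tunnels,
! so it reaches the switch via vpn-vlan instead of the inside interface
route vpn-vlan 0.0.0.0 0.0.0.0 192.168.60.254 tunneled

! --- L3 switch stack (assumed Cisco IOS syntax) ---
interface Vlan60
 ip address 192.168.60.254 255.255.255.0
!
! Return path for the client pool points back at the ASA's VLAN 60 address;
! the switch's existing default route carries the clients' web traffic
! through the Barracuda exactly like every office host
ip route 192.168.61.0 255.255.255.0 192.168.60.1
```

Client traffic that re-enters the ASA on the inside interface on its way to the Internet still needs the same NAT and access rules the office hosts use, so check those before testing.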