Cisco Support Community

paa
New Member

ASA VPN network design

Hi! I have read many documents about network design on the SRND site, but I haven't read about ASA VPN design.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSec_Over.html - all VPNs terminate on routers

http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/E_B_SDC1.html - VPNs terminate on routers, ASAs are just firewalls.

What is the right network design if I want to terminate VPN on ASA?

  • VPN
2 REPLIES

Re: ASA VPN network design

Think of the VPN design described in your great links as a concept/guideline that can also be applied to ASA5500 appliances in your infrastructure internet EDGE-parameter when using VPN technologies.

There are very common design examples in this link for ASA appliances

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

  • L2TP over IPSec
  • Remote Access VPN
  • Easy VPN
  • SSL VPN/Web VPN
  • Site to Site VPN (L2L) with ASA
  • Site to Site VPN (L2L) with IOS
  • Site to Site VPN (L2L) with VPN3000
  • VPN with Non-Cisco Devices

Regards

New Member

Re: ASA VPN network design

We have our ASAs in a VPN load-balanced design, parallel to our firewall, terminating SSL VPN sessions with an RSA Authentication server providing user authentication via RADIUS.

All the VPN clients get their own IP address from a pool configured on the ASA and then we use ACLs to permit access from the VPN net to the inside nets. We can granularly control access if we so desire.

Hope this helps.
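The design described in the reply above, sketched as an ASA configuration fragment. This is an added example, not the poster's configuration: every name, address and key is a constructed placeholder, and applying the ACL through `vpn-filter` in a group policy is an assumption, since the post does not say how the ACLs are attached.

```cisco
! Constructed example: names, addresses and keys are placeholders.
!
! Pool that VPN clients draw their addresses from
ip local pool VPN-POOL 10.10.50.10-10.10.50.250 mask 255.255.255.0
!
! RSA authentication server reached over RADIUS
aaa-server RSA-RADIUS protocol radius
aaa-server RSA-RADIUS (inside) host 10.1.1.10
 key <radius-shared-secret>
!
! Broad form to avoid: every VPN client can reach every inside host
! access-list VPN-FILTER extended permit ip 10.10.50.0 255.255.255.0 any
!
! Granular form: in a vpn-filter ACL the VPN client side is the source
access-list VPN-FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 10.1.2.20 eq https
access-list VPN-FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 10.1.2.30 eq 3389
access-list VPN-FILTER extended deny ip any any log
!
! Attach the filter to the policy the remote users receive
group-policy REMOTE-USERS internal
group-policy REMOTE-USERS attributes
 vpn-filter value VPN-FILTER
!
! Bind pool, RADIUS group and policy to the remote-access tunnel group
tunnel-group REMOTE-USERS type remote-access
tunnel-group REMOTE-USERS general-attributes
 address-pool VPN-POOL
 authentication-server-group RSA-RADIUS
 default-group-policy REMOTE-USERS
!
! Each ASA in the load-balancing cluster carries the same cluster settings
vpn load-balancing
 interface lbpublic outside
 interface lbprivate inside
 cluster ip address 203.0.113.10
 cluster key <cluster-shared-secret>
 cluster encryption
 participate
```

The explicit `deny ip any any log` makes dropped VPN traffic visible in syslog, which helps when tightening the permit entries.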
