Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA VPN Question

Right now I am trying my best to get a VPN configured and working, this is my first attempt and also new to Cisco products.  I have attached a copy of my network diagram, to help show what I have and how it is layed out.  The way I have things running now, is that my first ASA is configured on for firewall and security.  I have that going directly into my Cisco Router and the router handles the DHCP, DNS, and so on.  I have an extra ASA, can I configure that one to act as the VPN access to my network, so I don't have to mess with my primary one?Home_Network(2).jpg

5 REPLIES

Re: ASA VPN Question

You could set the second ASA up to terminate your VPN connections, but it may be more resilient to cluster your spare ASA with the primary and have that device do both VPN & Firewall. This way your VPN concentrator & firewall will be protected in case of equipment failure. Another option may be to terminate VPN at the 3660 depending on what version of code that runs.

New Member

Re: ASA VPN Question

I like the cluster idea...but how would I do that?  I am new to all this, mainly learning as I go....would you be willing to assist in the setup of the second ASA?

Cisco Employee

Re: ASA VPN Question

Hi Jonathan,

You can have the 2 ASA's in a cluster or Primary/Secondary formation, so that you would have a failover mechanism. Following link provides you with complete details of such a configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

This link provides you with configuration of VPN on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/sitvpn.html

Now if you configure for cluster configuaration, u only need to configure for vpn and firewall on one of the ASA(primary) and it would be replicated to the other ASA(standby). The 1st link given above will provide you with complete details.

Let me know if this helps,

Cheers,

Rudresh V

New Member

Re: ASA VPN Question

Any idea if I have basic license for both ASAs....failover is disabled......on both of mine....

Cisco Employee

Re: ASA VPN Question

Hi Jonathan,

Here are the license requirements for Active/Standby configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#req

License requirements for Active/Active failvoer configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req

Let me know if this answers your question,

Cheers,

Rudresh V

292
Views
5
Helpful
5
Replies