Right now I am trying my best to get a VPN configured and working, this is my first attempt and also new to Cisco products. I have attached a copy of my network diagram, to help show what I have and how it is layed out. The way I have things running now, is that my first ASA is configured on for firewall and security. I have that going directly into my Cisco Router and the router handles the DHCP, DNS, and so on. I have an extra ASA, can I configure that one to act as the VPN access to my network, so I don't have to mess with my primary one?
You could set the second ASA up to terminate your VPN connections, but it may be more resilient to cluster your spare ASA with the primary and have that device do both VPN & Firewall. This way your VPN concentrator & firewall will be protected in case of equipment failure. Another option may be to terminate VPN at the 3660 depending on what version of code that runs.
Now if you configure for cluster configuaration, u only need to configure for vpn and firewall on one of the ASA(primary) and it would be replicated to the other ASA(standby). The 1st link given above will provide you with complete details.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...