I need help with an SSL VPN solution design. My main questions are listed below.
Currently the customer has 2 routers as VPN termination devices. One router is used to terminate the customer's employees and the other device terminates the partners' sessions.
The customer would like to use the new SSL VPN solution from Cisco using an ASA 5520. Instead of 2 VPN routers (existing solution), the customer would like to use one VPN termination device for three different types of users: employees with full access (SSL VPN with AnyConnect client), 3rd parties/partners with restricted access (SSL VPN with AnyConnect client) and one connection to a mobile office (Easy IPsec implemented on the Cisco router). The authentication of users should be integrated into the customer's Active Directory.
The VPN ASA will be installed behind the firewall. The firewall translates the public IP address into a private one.
Question 1: based on best practice, what to do with the un-encrypted traffic? Send it back to the firewall or connect directly to the internal LAN?
Question 2: how to differentiate between employee and partner access since they use the same connection profile? Is it possible to place them into different VLANs? Can I use only one public address or do I need to use two different addresses: one for employees and one -
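One way to lay this out on the ASA, as an added example configuration that is not part of the original post or of any Cisco document: a single AnyConnect connection profile on the single NATed public address, with the employee/partner split made per user from the AD group membership rather than from the profile. Every name, address, pool, DN and VLAN number below is hypothetical. It assumes ASA 8.4 or later (where the `anyconnect` keyword replaced `svc`), an LDAP bind account in AD, and dot1q subinterfaces for VLAN 10 and VLAN 20 on the inside side of the ASA, which the `vlan` group-policy attribute needs in order to force decrypted traffic out onto a specific VLAN.

```cisco
! --- AD authentication over LDAP (hypothetical server, DNs and bind account) ---
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.10.10.5
 ldap-base-dn dc=example,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=asa-bind,cn=Users,dc=example,dc=local
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! --- Map AD group membership (memberOf) to an ASA group-policy name ---
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Employees,OU=Groups,DC=example,DC=local" GP-EMPLOYEES
 map-value memberOf "CN=VPN-Partners,OU=Groups,DC=example,DC=local" GP-PARTNERS
!
! --- Separate address pools so the LAN and inner firewall can tell the populations apart ---
ip local pool POOL-EMPLOYEES 172.16.10.1-172.16.10.254 mask 255.255.255.0
ip local pool POOL-PARTNERS 172.16.20.1-172.16.20.254 mask 255.255.255.0
!
! --- Partner restriction: only the two (hypothetical) application hosts, everything else dropped ---
access-list PARTNER-VPN-FILTER extended permit tcp any host 10.20.30.40 eq 443
access-list PARTNER-VPN-FILTER extended permit tcp any host 10.20.30.41 eq 22
access-list PARTNER-VPN-FILTER extended deny ip any any
!
! --- Employees: full access, decrypted traffic egresses on VLAN 10 ---
group-policy GP-EMPLOYEES internal
group-policy GP-EMPLOYEES attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-EMPLOYEES
 vlan 10
!
! --- Partners: filtered access, decrypted traffic egresses on VLAN 20 ---
group-policy GP-PARTNERS internal
group-policy GP-PARTNERS attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-PARTNERS
 vpn-filter value PARTNER-VPN-FILTER
 vlan 20
!
! --- Anyone who authenticates but is in neither AD group gets no session at all ---
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! --- One connection profile, one public address; the group-policy comes from the LDAP map ---
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy GP-NOACCESS
tunnel-group SSLVPN webvpn-attributes
 group-alias corp enable
!
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
```

Two checks worth doing before relying on this. First, the `default-group-policy GP-NOACCESS` fallback is what makes the AD mapping a real access control: without it, a valid AD user who is in neither VPN group would land in `DfltGrpPolicy`, so confirm with `show vpn-sessiondb anyconnect` that such a test account is refused. Second, because the outer firewall NATs the public address, it has to forward TCP/443 and UDP/443 (DTLS) to the ASA for AnyConnect; the separate Easy VPN IPsec peer on the router additionally needs UDP/500 and UDP/4500 (NAT-T), since ESP itself does not survive port translation.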