11-01-2010 06:44 AM
I am trying to come up with a good topology for integrating an IPSEC VPN via a Cisco ASA 5540 at the main site and a branch site, but I want to keep the current production 3825 router inline. I need design support on where to connect the ASA in relation to the production network in order to stand up a LAN-to-LAN IPSEC VPN to a new branch office. The Cisco ASA VPN Deployment guides all show the ASA as the edge device, the last device interfacing with the ISP, but I need to see how to integrate the ASA into the production environment if I leave the 3825 inline connected up to Verizon. How can I leverage the Cisco ASA 5540 LAN-to-LAN VPN between main site and the branch but leave the current production router inline?
Thanks!
Matt
11-01-2010 07:00 AM
What do the routers do? Terminate a DS3 from the carrier? NAT? Firewall? How about a diagram?
11-01-2010 07:53 AM
Collin
There is no firewall, a NAT Pool with private addresses for the LAN. The WAN interface is a frame relay point to point serial interface. So I can't put the ASA in "replacement" of the 3825. However, someone at a higher paygrade than me did a purchase to begin planning for additional branch sites to be stood up. How do I still use the ASA 5540 to set up an IPSEC VPN?
Thanks!
Matt
11-01-2010 08:13 AM
Does the router also have an internet connection attached?
11-01-2010 08:20 AM
There currently isn't an internet connection. However, cost cutting measures may bring us to the point of accepting a FiOS business solution for a connection.
11-01-2010 08:24 AM
I hope you understand I'm just trying to get some background :-) Putting an ASA behind the router isn't too big of a deal. If you have to NAT, can you move it to the ASA instead of the router? I would make the router as transparent as possible (no services running on it) and have the ASA do all the work.