How Do I Integrate an ASA LAN-to-LAN VPN Keeping Cisco 3825 Inline

mlenco · ‎11-01-2010

I am trying to come up with a good topology for integrating an IPSEC VPN via a Cisco ASA 5540 at the main site and a branch site but I want to keep the current production 3825 router inline. I need design support on where to connect the ASA in relation to the production network in order to stand up an LAN-to-LAN IPSEC VPN to a new branch office. The Cisco ASA VPN Deployment guides all show the ASA as the edge device, the last device intefacing with the ISP but I need to see how to integrate the ASA into the production environment if I leave the 3825 inline connected up to Verizon. How can I leverage the Cisco ASA 5540 LAN-to-LAN VPN between main site and the branch but leave the current production router inline?

Thanks!

Matt

Collin Clark · ‎11-01-2010

What do the routers do? Terminate a DS3 from the carrier? NAT? Firewall? How about a diagram?

mlenco · ‎11-01-2010

Colllin

There is no firewall, a NAT Pool with private addresses for the LAN. The WAN interface is a frame relay point to point serial interface. So I can't put the ASA in "replacement" of the 3825. However, someone at a higher paygrade than me did a purchase to begin planning for additional branch sites to be stood up. How do I still use the ASA 5540 to setup an IPSEC VPN?

Thanks!

Matt

Collin Clark · ‎11-01-2010

Does the router also have an internet connection attached?

mlenco · ‎11-01-2010

There currently isn't an internet connection. However, cost cutting measures may bring us to the point of accepting a FiOS business solution for a connection.

Collin Clark · ‎11-01-2010

I hope you understand I'm just trying to get some background :-) Putting an ASA behind the router isn't too big of a deal. If you have to NAT can you move it to the ASA instead of the router? I would make the router as transparent as possble (no services running on it) and have the ASA do all the work.