Hi, sorry to bother you guys with such a 'silly' question. I'm kind of new to networking. Here is my problem.
My logical network topology is like this: ISP-->FWSM on Cisco 6500-->F5-->Cisco 6500 switch. The FWSM is working in transparent mode. The static IP from the ISP is allocated to the F5. Now I'm required to deploy an IPsec VPN with an ASA 5505.
So, my question is where I should set up this ASA 5505. I know the classic scenario is to allocate the static IP from the ISP to the ASA 5505, but in my case, it's been given to the F5. How could I make it happen?
Personally, I would have the ASA either before or in-line with the FWSM. If your license for the FWSM allows you more than one context (not sure if you get more than 2 on a normal license), then keep your current context transparent and create another one for your VPN solution.
If multiple contexts are not for you, then I would place the ASA before the FWSM and create specific VLANs; it depends on the ASA model and interfaces (not counting the trunking function).
Yes, we're able to do multiple contexts. So 'in-line' might be my choice. If I create a new context, how can I deal with the ingress interface? My ISP interface is already given to the existing context...
Is there any document that might help me out? Thanks so much~
Sorry, I didn't make it clear. My FWSM IS running in transparent mode, and the IP from the ISP is not assigned to the FWSM interface, but to the F5 BIG-IP. I'll read the document you recommended, and any suggestion is appreciated.