There are two secure sites, site A and site B. Administrators of the servers and network devices at each site and site to site communication has to be secured by VPN.
Would the depicted design be possible whereby site to site communication is via a L2L IPSec VPN terminated on the ASAs at site A and B and with remote access IPSec VPNs terminated on the ASA at site A?
Presuming I am right in thinking that VPN can be enabled on multiple ASA interfaces, the only problem I can see is whether administrators at site A, with remote access VPN configured on the ASA at site A, would be able to reach resources at site B over the L2L IPSec VPN.
Does anyone know of any design documents that I could use to help implement a solution like the one above? I have a potential customer that has the same solution in place on alternate vendor equipment.
Thanks for your reply, that's great. Basically you are saying that you have to make sure networks are defined for interesting traffic in the site to site crypto map to catch traffic destined for site B.
Am I right that an alternative method (presuming a path/route exists) would be to enable remote access VPN on the ASA at site B also, and then administrators would simply need separate profiles (PCFs) to access each site within their client? This would probably be easier to implement also.
Yes, that's right. That's the other alternative we have, and yes, that will be easier. But the first solution is the one you want if you want access to both sites simultaneously. If we have 2 separate PCFs for each site, at any point the client will have access to only the site he/she is connected to. At the end of the day, it all comes down to your requirement.
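
The first option discussed above (remote access clients terminating at site A and reaching site B through the L2L tunnel), as an added configuration sketch that is not part of the original thread. Every name, subnet and sequence number is a constructed placeholder, split tunneling is an assumption, and NAT exemption for the pool is omitted because its syntax depends on the ASA software version.

```cisco
! ===== Site A ASA (all values constructed for illustration) =====
! Site A LAN 192.168.1.0/24, site B LAN 192.168.2.0/24, RA pool 10.10.10.0/24
ip local pool RA-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0

! RA client traffic arrives on the outside interface and must leave the
! same interface inside the L2L tunnel, so intra-interface forwarding is needed
same-security-traffic permit intra-interface

! Interesting traffic for the site-to-site crypto map:
! the site A LAN and the RA pool, both towards the site B LAN
access-list L2L-TO-B extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list L2L-TO-B extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-B

! If the RA group uses split tunneling, site B must be in the split list,
! otherwise the client never sends site B traffic into the tunnel
access-list RA-SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA-SPLIT standard permit 192.168.2.0 255.255.255.0
group-policy ADMIN-RA internal
group-policy ADMIN-RA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT

! ===== Site B ASA =====
! The crypto ACL must mirror site A's, including the RA pool as a destination;
! a mismatch here is the usual reason the pool cannot reach site B
access-list L2L-TO-A extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L-TO-A extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-A
```

Keeping the pool dedicated to administrators and the crypto ACL entries limited to the subnets they manage keeps the hairpinned path no wider than the requirement.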