cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
440
Views
0
Helpful
2
Replies

2921router with zone-based firewall and VPN

cgarringer
Level 1
Level 1

I have a remote site coming up that will be on a site2site VPN until the MPLS is finished. The remote site is a 2921 router, the data center is an ASA5520. I am running ZBF on all the remote sites, my question is what zone is the site2site connection in? There is the physical interface to the Internet, and the tunnel for the VPN. is that the same zone?

Sent from Cisco Technical Support iPad App

2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

Hi,

if you are connected to an ASA then the VPN can't use VTI interface and so you're using regular crypto maps.

Am I right? In which case there is only a zone for the outside interface, if you're using VTI then you can have a zone for the VTI interface.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Ok, thanks.

Sent from Cisco Technical Support iPad App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco