Topology: Typical router-on-a-stick. Going to insert the ASA between router and switch.

Internet <-NAT-> CCR1009 <---> 3750-X <---> 4 VLANs
Goals:

* Separation of functionality (router do routing, firewall do firewalling, etc.)
* Provide remote access VPN
* Provide site-to-site VPN, since I want to participate in dn42 with my VPSs
Plans in my head:

1. Use multiple context mode. Ctx 1 set to transparent mode to handle LAN, Ctx 2 set to routing mode to do VPNs. But this config requires an AnyConnect Apex license. There are two versions of Apex licenses on Provantage and I had a hard time figuring out which one I should buy. What's the deal with the 1 per user license? And I'm not exactly sure how I get VPN clients into my existing VLANs.
2. Just routing mode all the way. I don't think I should set up NAT on the ASA too, as it would become double NAT. Which way should I go: set up NAT on the ASA instead, set up a routing protocol, or just use static routes? It would kinda defeat my first goal as it becomes the second hop, but I think it's cleaner and adds a bit more complexity (read: geeky feel) ;)
I would like to know if there's a third way. But please don't tell me to drop the ASA, because, well, "lab"?

Also, I need to find some quiet 4cm PWM fans to replace the stock fans on the ASA. My gear is in the living room; although it is audible, it is pretty quiet despite the 1U size, and I want the ASA to be quiet like the rest. The stock fans at their minimum 9K RPM are still noisy, so my parents won't let it go into production.

Enough questions, thanks networking people!