Tuesday, November 21, 2017

ASA as a VPN Server Only

Hey all, I'm currently trying to set up an ASA 5525-X as an AnyConnect VPN server. The interesting part is that I'm using this as strictly a VPN box where my redundant ASRs are responsible for NATing/routing in and out of the LAN. I'm thinking there are two ways to approach this. One would involve having the ASA use both an inside and an outside interface, so clients would come in through the outside interface but servers on the LAN would go through the ASRs. This would give me a dedicated LAN and WAN port but might muddy up routing in the sense that it's another box in the OSPF topology. Having said that, I'm not sure how much of a kludge that would really be in the grand scheme of things.

The other alternative is to set up 1:1 DNAT rules for port 443 on the ASRs pointing to the ASA. The ASA would be in a one-arm setup where there is only one way for everyone to get in and out. Again, I'm not sure how this would look if I'm setting up the same DNAT rule on two routers.

Has anyone set up an ASA in a similar fashion? What are everyone's thoughts? I can clean up the post as needed and answer any other questions about the environment. Thanks in advance!
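As an added example, not configuration from the post or from Cisco, here is a constructed sketch of the second option: a 1:1 DNAT on the ASR for the AnyConnect listener, and the one-arm ASA it points at. Interface names, the hypothetical addresses (203.0.113.10 public, 10.10.10.5 ASA, 10.200.0.0/24 client pool) and the pool/group names are assumptions; the AnyConnect image filename is a placeholder. Two points a practitioner would want from this design: AnyConnect also uses UDP 443 for DTLS, so the DNAT needs a UDP entry as well as TCP, and because decrypted client traffic leaves the ASA on the same interface it arrived on, the ASA must explicitly allow intra-interface (hairpin) traffic. Since only 443 is forwarded, nothing else on the ASA is reachable from the Internet.

```cisco
! ===== ASR (IOS-XE) side: identical on both redundant ASRs =====
interface GigabitEthernet0/0/0
 description WAN
 ip nat outside
!
interface GigabitEthernet0/0/1
 description LAN (ASA one-arm lives here)
 ip nat inside
!
! 1:1 DNAT limited to the VPN listener: TCP 443 (SSL) and UDP 443 (DTLS)
ip nat inside source static tcp 10.10.10.5 443 203.0.113.10 443 extendable
ip nat inside source static udp 10.10.10.5 443 203.0.113.10 443 extendable
!
! Return traffic from LAN servers to VPN clients must be routed back to the ASA
ip route 10.200.0.0 255.255.255.0 10.10.10.5

! ===== ASA one-arm side =====
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.10.10.5 255.255.255.0
!
! Clients and LAN servers are both reached via the single interface,
! so traffic entering and leaving the same interface has to be permitted
same-security-traffic permit intra-interface
!
route outside 0.0.0.0 0.0.0.0 10.10.10.1
!
ip local pool ANYCONNECT_POOL 10.200.0.1-10.200.0.254 mask 255.255.255.0
!
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-<VERSION>-webdeploy-k9.pkg 1
 anyconnect enable
!
group-policy GP_ANYCONNECT internal
group-policy GP_ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 address-pools value ANYCONNECT_POOL
!
tunnel-group TG_ANYCONNECT type remote-access
tunnel-group TG_ANYCONNECT general-attributes
 default-group-policy GP_ANYCONNECT
```

Whichever ASR is currently forwarding for 203.0.113.10 will translate to the same inside address, so carrying the same two static entries on both routers is consistent; the one thing that differs between them is nothing, which is the point of keeping the ASA at a fixed inside address.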