<div>
<div class="content wysiwyg-content">
Im trying to design a new solution where I have 2 eggress interfaces. DMZ1 is an MPLS circuit where i have direct connection to client subnet 33.0.0.0 which is working fine. We will be setting up a new VPN tunnel going via outside the ASA as a backup path using IPSec VPN using a floating static route.<br />
<br />
My question is would the ASA encrypt the traffic first before pushing it to DMZ1 or would it only encrypt traffic if DMZ1 fails and the outside path is voted as the new best route?
</div>
</div>


Im trying to design a new solution where I have 2 eggress interfaces. DMZ1 is an MPLS circuit where i have direct connection to client subnet 33.0.0.0 which is working fine. We will be setting up a new VPN tunnel going via outside the ASA as a backup path using IPSec VPN using a floating static route.

My question is would the ASA encrypt the traffic first before pushing it to DMZ1 or would it only encrypt traffic if DMZ1 fails and the outside path is voted as the new best route?

directional encryption of VPN traffic on Cisco ASA

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.