Solved

Cisco ASA 5510 & 2811 VPN Router

Posted on 2012-03-23
3
975 Views
Last Modified: 2012-03-26
We currently have a Cisco ASA 5510 setup with a DMZ  for Citrix Secure Gateway Access.  We are in the process of implementing new hardware/software and the vendor is requesting that we purchase an additional Cisco 2811 VPN router to create a tunnel for them to have access to the new servers.  Their recommendation was to set the new router publicly in front of/separate from the ASA and then inside LAN connection would be connected to the DMZ behind the ASA 5510.  By doing this, do we then need to configure NAT rules or static routes so that when traffic going through the 2811 falls in the 5510 DMZ there is a route to our corporate LAN for server access that is still secure?  My initial question was why not just create a VPN tunnel using the ASA and eliminate the 2811 all together and not route anything through the DMZ?
0
Comment
Question by:CMCITD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Accepted Solution

by:
MAG03 earned 250 total points
ID: 37758513
I don't see a need for the 2811.  But one thing to take into account is the capacity of the ASA, thoughput, vpn through put, max connections...etc. If the ASA is sufficient to meet your requirements then there is no need to buy more equipment.  Just create a VPN form the ASA as you mentioned.
0
 
LVL 15

Assisted Solution

by:Robert Sutton Jr
Robert Sutton Jr earned 250 total points
ID: 37765380
What type of license do you currently have on your ASA5510? Secondly, look at the bigger picture. What resource(s) "Exactly" do they need access to? Having a vendor request you purchase another router (2811 in this case) for the sole purpose of accessing a local resource(s) is absurd. Especially if you already have a capable device in place. Let us know.
0
 

Author Closing Comment

by:CMCITD
ID: 37765858
Resources are of no concern.  We are using this ASA for 2 vpn tunnels with only 2 client workstations on the other endso throughput is nowhere near max.  The Vendor is a major EMR vendor that I believe is attempting a strong arm approach at purchasing additional hardware.  The 2811 sole purpose would only be used if the company needs to remote in and troubleshoot issues with servers that we cannot handle ourselves so yes it is absurd.  THanks for both of your input on this.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Advice on router and switch 25 82
Unable to login to Cisco C800 Ver 15.3(3)M4 8 52
HP Storage and Cisco Nexus 4 67
Need to cut my Verizon home cost 3 54
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question