Solved

DMVPN and ASA

Posted on 2014-11-14
Last Modified: 2014-11-21
Hi All,

Quick question you experts may be able to answer? We are going to set up DMVPN for Cisco for our Head Office and Remote Offices. Originally we were going to use ASAs to run the VPN but found out it needs to be DMVPN, as it's the only one of the VPN lot on Cisco which supports dynamic IPs at both ends and termination by FQDN for the peers.

I'm running ASA Software 9.0 on our ASAs but I understand DMVPN is still not available on the Cisco ASAs? So I have procured a couple of Cisco 2911s for sites and 2921s for Head Office.

Now what I'm trying to decide: should the DMVPN router be in front of the ASA or after?

Cheers
TME
Question by:TrustGroup-UAE
LVL 10

Assisted Solution

by:rscottvan
rscottvan earned 150 total points
ID: 40445753
Typically WAN routers are outside firewalls. I think it would create a lot of additional complexity to place the routers inside the firewalls.
LVL 32

Accepted Solution

by:
harbor235 earned 350 total points
ID: 40447846
I would put the DMVPN router in a VPN-DMZ; essentially you are using the router as a dedicated VPN device. I assume your sites are operational and already have a WAN edge router in place?

This way you could terminate DMVPN behind the firewall in a DMZ using source and destination controls as well as IPsec controls. The traffic would then route unencrypted traffic through a firewall interface where you can inspect and apply policy and controls on the traffic. I believe you would leave a door open if you terminated the VPN outside the firewall then routed the traffic to the inside.

In the end it will come down to how much risk you are willing to take. Is the traffic from remote sites secure? Is there an internet component?


harbor235 ;}
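
The VPN-DMZ layout described in the accepted answer, sketched as an ASA access-policy fragment. This is an added example, not configuration from the original posts: the interface names (`outside`, `vpn-clear`), object names, addresses and permitted ports are all assumptions, and it assumes the hub router has a routable address in the DMZ with no NAT.

```cisco
! Constructed sample values (assumptions, replace with your own):
!   198.51.100.10  DMVPN hub router, encrypted-side interface in the VPN-DMZ
!   10.50.0.0/16   remote-office LANs reached through the tunnels
!   10.10.20.0/24  head-office servers on the inside network
object network DMVPN-HUB
 host 198.51.100.10
object network REMOTE-OFFICES
 subnet 10.50.0.0 255.255.0.0
object network HO-SERVERS
 subnet 10.10.20.0 255.255.255.0

! Outside -> VPN-DMZ: only IKE, NAT-T and ESP, and only to the hub router.
! The source stays "any" because the spokes have dynamic addresses.
! GRE and NHRP travel inside ESP, so they are not opened here.
access-list OUTSIDE_IN extended permit udp any object DMVPN-HUB eq isakmp
access-list OUTSIDE_IN extended permit udp any object DMVPN-HUB eq 4500
access-list OUTSIDE_IN extended permit esp any object DMVPN-HUB
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! Decrypted side of the router -> inside: traffic arrives in the clear on a
! separate firewall interface, so normal source/destination policy applies.
! The two permitted services are placeholders for whatever the sites need.
access-list VPNCLEAR_IN extended permit tcp object REMOTE-OFFICES object HO-SERVERS eq 443
access-list VPNCLEAR_IN extended permit tcp object REMOTE-OFFICES object HO-SERVERS eq 445
access-list VPNCLEAR_IN extended deny ip any any log
access-group VPNCLEAR_IN in interface vpn-clear
```

The explicit `deny ... log` entries duplicate the implicit deny so that dropped packets on both legs show up in syslog.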