Solved

DMVPN and ASA

Posted on 2014-11-14
2
2,806 Views
Last Modified: 2014-11-21
Hi All,

Quick question you experts may be able to answer? ….  We going to setup DMVPN for Cisco for our Head Office and Remote Offices. Originally we was going to use ASA's to run the VPN but found out it Needs to be DMVPN, as it’s the only one of the VPN lot on Cisco which supports Dynamic IP’s at both ends and termination by FDQN for the Peers.

I’m running ASA Software 9.0 on out ASA’s but I understand DMVPN is still not available on the Cisco ASA’s? So I have procured a couple of Cisco 2911's for sites and 2921's for Head Office.

Now what … I’m trying to decide … Should the DMVPN Router be in front of the ASA or After?

Cheers
TME
0
Comment
Question by:TrustGroup-UAE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Assisted Solution

by:rscottvan
rscottvan earned 150 total points
ID: 40445753
typically WAN routers are outside firewalls.  I think it would create a lot of additional complexity to place the routers inside the firewalls.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 350 total points
ID: 40447846
I would put the DMVPN router in a VPN-DMZ, essentially you are using the router as a dedicated VPN device. I assume your sites are operational and already have a WAN edge router in place?

This way you could terminate DMVPN behinf the firewall in a DMZ using source and destination controls as well as IPSEC controls. The traffic would then route unencrypted traffic through a firewall interface where you can inspect and apply policy and controls on the traffic.  I believe  you would leave a door open if you terminated the VPN out side the firewall then routed the traffic to the inside.

In the end it will come down to how much risk you are willing to take? Is the traffic from remote sites secure? is there an internet component?


harbor235 ;}
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fabric 1 59
What is an ASP Table on a Cisco ASA? 3 52
Network setup between buildings 4 61
Unable to login to Cisco C800 Ver 15.3(3)M4 8 14
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question