DMVPN and ASA

Posted on 2014-11-14
Last Modified: 2014-11-21
Hi All,

Quick question you experts may be able to answer? … We are going to set up DMVPN for Cisco for our Head Office and Remote Offices. Originally we were going to use ASAs to run the VPN but found out it needs to be DMVPN, as it's the only one of the VPN lot on Cisco which supports dynamic IPs at both ends and termination by FQDN for the peers.

I'm running ASA Software 9.0 on our ASAs but I understand DMVPN is still not available on the Cisco ASAs? So I have procured a couple of Cisco 2911s for sites and 2921s for Head Office.

Now what … I'm trying to decide … Should the DMVPN router be in front of the ASA or after?

Cheers
TME
Question by:TrustGroup-UAE
Assisted Solution

by:rscottvan
Typically WAN routers are outside firewalls. I think it would create a lot of additional complexity to place the routers inside the firewalls.
Accepted Solution

by:harbor235
I would put the DMVPN router in a VPN-DMZ; essentially you are using the router as a dedicated VPN device. I assume your sites are operational and already have a WAN edge router in place?

This way you could terminate DMVPN behind the firewall in a DMZ using source and destination controls as well as IPSEC controls. The traffic would then route unencrypted traffic through a firewall interface where you can inspect and apply policy and controls on the traffic. I believe you would leave a door open if you terminated the VPN outside the firewall then routed the traffic to the inside.

In the end it will come down to how much risk you are willing to take? Is the traffic from remote sites secure? Is there an internet component?


harbor235 ;}
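
The VPN-DMZ placement described in the accepted answer, sketched as ASA access lists (an added example, not part of the original thread): the hub router's encrypted leg sits on a DMZ interface and its decrypted leg returns through a second firewall interface. Interface names, object names, addresses and the permitted service are constructed assumptions, and NAT is left out.

```cisco
! Added example. Assumed interface names: outside, vpn-dmz (router's
! encrypted leg) and vpn-clear (router's decrypted leg).
! All addresses below are constructed placeholders.
object network DMVPN-HUB
 host 192.0.2.10
object network REMOTE-SITES
 subnet 10.20.0.0 255.255.0.0
object network HO-APP-SERVER
 host 10.1.1.10
!
! Outside: only IKE, NAT-T and ESP may reach the hub router.
! Spoke addresses are dynamic, so the source cannot be pinned here.
! On ASA 8.3 and later the ACL matches the hub's real address even
! when NAT is applied.
access-list OUTSIDE-IN extended permit udp any object DMVPN-HUB eq isakmp
access-list OUTSIDE-IN extended permit udp any object DMVPN-HUB eq 4500
access-list OUTSIDE-IN extended permit esp any object DMVPN-HUB
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Decrypted leg: traffic leaving the tunnel re-enters the firewall here,
! where it is inspected and limited to what remote sites actually need.
access-list VPN-CLEAR-IN extended permit tcp object REMOTE-SITES object HO-APP-SERVER eq https
access-list VPN-CLEAR-IN extended deny ip any any log
access-group VPN-CLEAR-IN in interface vpn-clear
```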