Solved

DMVPN and ASA

Posted on 2014-11-14
2
2,518 Views
Last Modified: 2014-11-21
Hi All,

Quick question you experts may be able to answer? ….  We going to setup DMVPN for Cisco for our Head Office and Remote Offices. Originally we was going to use ASA's to run the VPN but found out it Needs to be DMVPN, as it’s the only one of the VPN lot on Cisco which supports Dynamic IP’s at both ends and termination by FDQN for the Peers.

I’m running ASA Software 9.0 on out ASA’s but I understand DMVPN is still not available on the Cisco ASA’s? So I have procured a couple of Cisco 2911's for sites and 2921's for Head Office.

Now what … I’m trying to decide … Should the DMVPN Router be in front of the ASA or After?

Cheers
TME
0
Comment
Question by:TrustGroup-UAE
2 Comments
 
LVL 10

Assisted Solution

by:rscottvan
rscottvan earned 150 total points
ID: 40445753
typically WAN routers are outside firewalls.  I think it would create a lot of additional complexity to place the routers inside the firewalls.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 350 total points
ID: 40447846
I would put the DMVPN router in a VPN-DMZ, essentially you are using the router as a dedicated VPN device. I assume your sites are operational and already have a WAN edge router in place?

This way you could terminate DMVPN behinf the firewall in a DMZ using source and destination controls as well as IPSEC controls. The traffic would then route unencrypted traffic through a firewall interface where you can inspect and apply policy and controls on the traffic.  I believe  you would leave a door open if you terminated the VPN out side the firewall then routed the traffic to the inside.

In the end it will come down to how much risk you are willing to take? Is the traffic from remote sites secure? is there an internet component?


harbor235 ;}
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question