Tim Lewis

Meraki/Cisco SSL VPN question

I am installing a new Meraki firewall in our organization. I would like to be able to keep the ability to have SSL VPN that we currently have on our Cisco ASA firewall. Would anyone have any knowledge of what I would need to do in order to put the Cisco ASA behind the Meraki and open ports on the Meraki to point to the ASA so I can still use it for client VPN access only? Meraki would handle everything but the VPN.
Pete Long

The ASA would need its own public IP (or TCP 443 forwarding to it).
Then on your LAN Switch you will need a route for the AnyConnect IP Pool for routing it to the ASA not the Meraki.

P
The nice thing about SSL VPN is that it works well with private addresses and forwarding. You can set the ASA up with only a private IPv4 address behind the Meraki MX unit and forward 80/tcp (for HTTP redirection and hotspot detection), 443/tcp (for SSL/TLS VPN mode) and 443/udp (for DTLS VPN mode) to the ASA and you should be good to go. I've done this with a number of customers who have moved to Meraki, but wanted to keep their AnyConnect headends running on ASA or ISR devices.
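
A small offline check of the two requirements raised in the answers above (the three forwarded ports and the LAN route for the AnyConnect pool), added here as an example and not part of the original thread. The IP addresses, the pool, and the rule and route structures are constructed sample values; no Meraki or ASA API is used.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
ASA_INSIDE = "192.168.10.5"        # ASA private address behind the MX
MX_LAN = "192.168.10.1"            # Meraki MX LAN address (default gateway)
ANYCONNECT_POOL = "10.99.0.0/24"   # AnyConnect client address pool

# Forwards named in the thread: HTTP redirect, TLS VPN, DTLS VPN.
REQUIRED = {("tcp", 80), ("tcp", 443), ("udp", 443)}

def audit_forwards(rules, asa_ip=ASA_INSIDE):
    """Return (missing, extra): required forwards that are absent, and any
    other forwards that expose the ASA beyond what client VPN needs."""
    to_asa = {(r["proto"], r["port"]) for r in rules if r["lan_ip"] == asa_ip}
    return sorted(REQUIRED - to_asa), sorted(to_asa - REQUIRED)

def pool_routed_to_asa(routes, pool=ANYCONNECT_POOL, asa_ip=ASA_INSIDE):
    """True if the most specific route covering the whole pool points at the
    ASA and no narrower route inside the pool points somewhere else."""
    net = ipaddress.ip_network(pool)
    nets = [(ipaddress.ip_network(p), gw) for p, gw in routes]
    covering = [(n, gw) for n, gw in nets if net.subnet_of(n)]
    if not covering:
        return False
    best_gw = max(covering, key=lambda m: m[0].prefixlen)[1]
    stray = any(n.subnet_of(net) and gw != asa_ip for n, gw in nets)
    return best_gw == asa_ip and not stray

# Constructed planned config: 80/tcp forgotten, SSH exposed by mistake.
SAMPLE_RULES = [
    {"proto": "tcp", "port": 443, "lan_ip": ASA_INSIDE},
    {"proto": "udp", "port": 443, "lan_ip": ASA_INSIDE},
    {"proto": "tcp", "port": 22, "lan_ip": ASA_INSIDE},
]
# LAN switch routes as (prefix, next hop): default only, then with the pool route.
ROUTES_DEFAULT_ONLY = [("0.0.0.0/0", MX_LAN)]
ROUTES_WITH_POOL = ROUTES_DEFAULT_ONLY + [(ANYCONNECT_POOL, ASA_INSIDE)]

if __name__ == "__main__":
    missing, extra = audit_forwards(SAMPLE_RULES)
    print("missing forwards:", missing)
    print("unneeded forwards to ASA:", extra)
    print("pool via ASA (default only):", pool_routed_to_asa(ROUTES_DEFAULT_ONLY))
    print("pool via ASA (with pool route):", pool_routed_to_asa(ROUTES_WITH_POOL))
```

With only a default route, replies to AnyConnect clients go to the Meraki instead of the ASA, which is the situation the pool route on the LAN switch is there to avoid.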
Tim Lewis

ASKER

Do I only need to connect the Inside port on the ASA to the network and just NAT the external IP to that Inside IP of the ASA on the Meraki? In addition to the ports of course. I think this would be a much better solution for us than switching to the Meraki VPN.
ASKER CERTIFIED SOLUTION
Jody Lemoine

Awesome. Thank you for the help. I will try it out once we do the Meraki cutover.