Remote Access VPN

SecureMe's New York headquarters has a cluster of Cisco Adaptive Security Appliance (ASA) 5550s that terminates its remote access VPN connections. Four Cisco ASA 5550s have been configured for load balancing. They run WebVPN and IPsec VPN for remote users and telecommuters. However, NAC is applied only for IPsec VPN users. Figure 15-5 illustrates how the Cisco ASA appliances are configured at the New York headquarters.

The outside/public interfaces of all Cisco ASA appliances are directly connected to the Internet routers (VLAN 5). The inside/private interface of each Cisco ASA is connected to a DMZ on the Catalyst 6500 Firewall Services Modules (FWSM) in VLAN 50. The pool of IP addresses to be assigned to the remote access VPN users is in the range of 10.10.200.0/24.

NOTE Different pools of IP addresses are assigned to the remote access VPN users. However, for simplicity, in this example, 10.10.200.0/24 is used.

Each Internet-edge Catalyst 6500 is connected to other Catalyst 6500s that are connected to the rest of the corporate network.

Figure 15-5 New York's Cisco ASAs (diagram labels: 209.165.202.128/27 on VLAN 5; ASA 5550s; VLAN 50; pool 10.10.200.0/24)
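
The load-balanced design described above, sketched as configuration for one of the four ASA 5550 cluster members. This is an added example, not configuration from the book: the interface numbers, host addresses, the inside (VLAN 50) subnet, the pool and tunnel-group names, and the key are constructed placeholders, and some keywords differ between ASA releases.

```cisco
! Added illustration for ONE of the four cluster members.
! Every host address, name and key below is a constructed placeholder.
!
! Outside/public side: VLAN 5, subnet 209.165.202.128/27 (from Figure 15-5)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 209.165.202.131 255.255.255.224
!
! Inside/private side: DMZ on the FWSM, VLAN 50.
! The page does not give this subnet; 192.0.2.0/24 is a stand-in.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.11 255.255.255.0
!
! Address pool handed to remote access VPN clients (10.10.200.0/24)
ip local pool RA-POOL 10.10.200.1-10.10.200.254 mask 255.255.255.0
!
! IPsec remote access tunnel group that uses the pool.
! Older releases use "type ipsec-ra" instead of "type remote-access".
tunnel-group RA-IPSEC type remote-access
tunnel-group RA-IPSEC general-attributes
 address-pool RA-POOL
!
! VPN load balancing: all four units share one virtual cluster address
! on the outside subnet; clients connect to it and are redirected to
! the least-loaded member.
vpn load-balancing
 interface lbpublic outside
 interface lbprivate inside
 cluster ip address 209.165.202.130
 cluster port 9023
 ! Protect member-to-member load-balancing messages. Encryption only
 ! takes effect when IKE is enabled on the lbprivate (inside) interface.
 cluster key REPLACE-WITH-SHARED-SECRET
 cluster encryption
 priority 10
 participate
```

The other three members would carry the same `vpn load-balancing` block with their own interface addresses. The NAC settings for the IPsec group are not shown because the page does not describe them.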
