Hi
No, the outside of the router is outside the firewall. The tunnel
terminates on that device and we drop the client traffic through the
vrf and a sub-int onto a vlan that's presented as a DMZ to the
firewall context. Any security policy can then be applied to it via
the ASA.
David
...
On 20/07/2009, at 10:01 AM, Clue Store wrote:
Hi David,
Does this mean you're terminating the ipsec tunnel on a router inside
the vrf through the context?? I was thinking about this but wasn't
sure what nastiness would come out of it. MTU issues, etc...
On Sun, Jul 19, 2009 at 4:39 PM, David Hughes <[email protected]> wrote:
On 20/07/2009, at 4:13 AM, Clue Store wrote:
If it doesn't support SSL VPN, what are other folks doing for VPNs in
this situation where multiple contexts are being used??
Hi
We use a router running vrf-aware ipsec to drop users from each
customer into a vlan on their ASA context. Works pretty well.
David
...
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/