- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-08-2019 10:59 AM
I can confirm since I have done this in the past. We vwired it on the untrust side and then plugged it into the PAN on the trust side and created its own zone for it. That way all the ASA did was terminate the tunnels and the PAN did the rest of the inspections and allowances.
03-08-2019 10:59 AM
I can confirm since I have done this in the past. We vwired it on the untrust side and then plugged it into the PAN on the trust side and created its own zone for it. That way all the ASA did was terminate the tunnels and the PAN did the rest of the inspections and allowances.
03-08-2019 12:02 PM
Many thanks for confirmation.
Will do this soon on our end.
Good to know if works with VPN.
03-08-2019 12:03 PM
Hello,
Yeah the PAN does a better job of protection. I also created a policy to only allow VPN application traffic. If this is for site2site, I would say limit it to source/destination as well.
Cheers!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!