cancel
Showing results for 
Search instead for 
Did you mean: 

Who rated this post

Cyber Elite
Cyber Elite

@Gio_Rivera,

We actually have an office setup like this because they were using the ASA for VPN for a bit. Essentially how it was configured was how @vsys_remo already mentioned; the ASA was a standalone layer3 connection that didn't perform NAT on the AnyConnect addresses and just routed them to the layer3 interface with an 'AnyConnect' zone on the firewall. Then the firewall simply has static routes telling it to route traffic for the AnyConnect IP pools back to the ASA. 

This configuration essentially allowed us to "ignore" the ASA and treat it as a termination point. All security policies were handled by the PAN firewall and the ASA was essentially just a dumb VPN concentrator for AnyConnect purposes. 

Who rated this post