Chapter 3 Planning a VLAN Configuration
Deployment Scenarios Using VLANs
3-8
ASA 5505 Getting Started Guide
78-18003-02
Teleworker Deployment Using Three VLANs
Although not required, using three VLANs can be useful in other situations, such
as when deploying a remote VPN hardware client to support a teleworker.
In Figure 3-4, an ASA 5505 is installed in a home office environment and used as
a remote VPN hardware client. The ASA 5505 is configured for three VLANs:
• Inside (Work) VLAN that consists of all devices used to support access to the
main corporate network
• DMZ (Home) VLAN that consists of devices that can be used by all members
of the family
• Outside (Internet) VLAN that provides Internet connectivity for both the
Inside and DMZ VLANs
In this case, the ASA 5505 protects the critical assets on the Inside (Work) VLAN
so that these devices cannot be infected by traffic from the DMZ (Home) VLAN.
To enable devices in the Inside (Work) VLAN to establish secure connections
with corporate headend devices, enable the Easy VPN hardware client
functionality so that only traffic from the Inside (Work) VLAN initiates VPN
connections. This configuration enables users on the DMZ (Home) VLAN to
browse the Internet independently of the Inside (Work) VLAN, and the security
of the Inside (Work) VLAN is not compromised.
To Next Page
Loading...
