I have 5 sites connected by ASG Site-to-Site SSL VPN and our ACC sits in one site.
Each ASG is set to talk to the ACC by its private IP address, but I'm thinking about setting up a DNAT on a public IP to bring in 4433 to the ACC and changing each ASG to use the public IP address.
1. I'm wondering if exposing the ACC like this is unwise, or better; as the setup no longer depend on the SSL VPN.
2. When ASGs are centrally managed, do ASGs connect in to the ACC, or do the ACC connect to the ASGs? or does both happen? A couple of ASGs are behind ISP nat firewalls (Home office).
Thanks,
Brian
More to the point, how can I change from an SSL VPN to an ACC deployed IPSEC vpn, when removing the ssl vpn will break the ACC's connectivity with the ASG?
This thread was automatically locked due to age.
