I have following scenario Cisco ASA 5520 in HA pair at HQ and Cisco ASA 5505 at the branches. Site to Site VPN tunnels connects the sites together. At HQ, Is it possible to put a pair of Sophos SG UTM in HA behind the ASA pairs without changing the existing IP address. This would mean bridge/transparent mode, but I don't think this is supported with HA and VPN tunnel to manage the Reds. Can someone confirm? At HQ, what ports needs to be opened on the Cisco ASA 5525 in order for the UTMs to manage the Reds? Is NATTING a public ip address required for the UTM or the RED will use the existing Cisco VPN tunnel? At branches, putting Sophos Red behind Cisco ASA 5505. What ports needs to open on the Cisco ASA 5505 in order for the Reds to connect to the UTMs? Thanks!

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM SG HA behind Cisco ASA HA

I have following scenario

Cisco ASA 5520 in HA pair at HQ and Cisco ASA 5505 at the branches. Site to Site VPN tunnels connects the sites together.

At HQ, Is it possible to put a pair of Sophos SG UTM in HA behind the ASA pairs without changing the existing IP address. This would mean bridge/transparent mode, but I don't think this is supported with HA and VPN tunnel to manage the Reds. Can someone confirm?
At HQ, what ports needs to be opened on the Cisco ASA 5525 in order for the UTMs to manage the Reds? Is NATTING a public ip address required for the UTM or the RED will use the existing Cisco VPN tunnel?
At branches, putting Sophos Red behind Cisco ASA 5505. What ports needs to open on the Cisco ASA 5505 in order for the Reds to connect to the UTMs?

Thanks!

This thread was automatically locked due to age.

Parents

Reply

Children

No Data