Teleworker Deployment Using Three Vlans - Cisco ASA 5505 Getting Started Manual

Deployment Scenarios Using VLANs

Teleworker Deployment Using Three VLANs

Cisco ASA 5505 Getting Started Guide
3-8
Although not required, using three VLANs can be useful in other situations, such
as when deploying a remote VPN hardware client to support a teleworker.
In Figure 3-4, an ASA 5505 is installed in a home office environment and used as
a remote VPN hardware client. The ASA 5505 is configured for three VLANs:
Inside (Work) VLAN that consists of all devices used to support access to the
•
main corporate network
DMZ (Home) VLAN that consists of devices that can be used by all members
•
of the family
Outside (Internet) VLAN that provides Internet connectivity for both the
•
Inside and DMZ VLANs
In this case, the ASA 5505 protects the critical assets on the Inside (Work) VLAN
so that these devices cannot be infected by traffic from the DMZ (Home) VLAN.
To enable devices in the Inside (Work) VLAN to establish secure connections
with corporate headend devices, enable the Easy VPN hardware client
functionality so that only traffic from the Inside (Work) VLAN initiates VPN
connections. This configuration enables users on the DMZ (Home) VLAN to
browse the Internet independently of the Inside (Work) VLAN, and the security
of the Inside (Work) VLAN is not compromised.
Chapter 3 Planning for a VLAN Configuration
78-17612-02