Until now, I have installed firewalls and VPN boxes in parallel, as two separate devices. Now, however, I am working with an AS-5500 and I am a little confused about the interaction between the two functionalities.
To get started I created these rules:
access-list ACL_IN extended permit ip any any
access-list ACL_IN extended permit icmp any any
access-group ACL_IN in interface outside
access-group ACL_IN in interface dmz
That should allow all traffic from the Internet into the DMZ, right? I am guessing those rules apply to the firewall mode, but what about VPN mode? Will my pings and IP traffic go through when I have an IPsec session?
-Ramon F Herrera