The scenario is that our office has 1 Internet connection coming into the outside of our ASA, and then 1 port on the inside is split into subinterfaces/VLANs to handle traffic for different networks/DMZs. I want clients on one of the DMZs (guests put on a wirelessguest VLAN by our Cisco 5500 Wireless Controller) to be able to establish a VPN session so they can access the corporate/private side of our network. This will be for a couple of vendors that already have VPN access to our network, but would require the same access (wirelessly) while they are onsite.
I've been told that this scenario would require us to have a second internet connection so that all traffic from the wirelessguest VLAN is routed out that second connection, and they could then establish a VPN connection with the outside interface on the ASA. Is this true? There is no way for us to have devices on a VLAN establish a VPN connection without routing that connection over the internet?
I can provide more details if necessary...
I've been told that this scenario would require us to have a second internet connection so that all traffic from the wirelessguest VLAN is routed out that second connection, and they could then establish a VPN connection with the outside interface on the ASA. Is this true? There is no way for us to have devices on a VLAN establish a VPN connection without routing that connection over the internet?
I can provide more details if necessary...