Hello, I am trying to deploy an in-band solution for VPN users. There have been a few surprises after having started this project.
1. Because users are coming in over a VPN, the topology must be in-band.
2. If you want to have redundant CAS servers, they cannot be separated by a NAT firewall from the CAM. Thus the reason why we have the CAM in the DMZ with the CAS.

I have a diagram here: http://www.flickr.com/photos/31154...@n07/3833723810/sizes/o/

My problem now is that the ASA does not see the CAS as an L2 device as it should, and the DMZ switch does not see the ASA as an L2 device. In other words, on the ASA I don't see an ARP entry for 192.168.48.3, and on the switch I don't see an ARP entry for 192.168.48.1. What am I doing wrong?
