shijomon scaria Fri, 02/29/2008 - 22:11
User Badges:

Thank you sir,

can u please specify the physical connection details..... Actually i need to pass the traffic through both the devices one after another to get the IPS and Anti X features.... Then how should i connet both the devices together??

rleivaoc Fri, 02/29/2008 - 22:26
User Badges:
  • Cisco Employee,

Well, if you are thinking about stacking both devices like so:


You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but, this will create some security concerns.

I hope this helps

shijomon scaria Fri, 02/29/2008 - 23:26
User Badges:

So as u said i can connet both devices back to back, from one's any port to other's any port, isnt it..??


ISP <--> ASA1 GE0

ASA1 GE1 <--> ASA2 GE0

ASA2 GE1 <--> Inside

onlyabhishek007 Fri, 03/07/2008 - 00:13
User Badges:

u can use the on firewall as a routing device and another firewall as a tranparent mode. so the network diagram like

ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch


This Discussion