shijomon scaria Fri, 02/29/2008 - 22:11

Thank you sir,

Can you please specify the physical connection details? Actually, I need to pass the traffic through both devices one after another to get the IPS and Anti-X features. Then how should I connect both devices together?

rleivaoc Fri, 02/29/2008 - 22:26
User Badges: Cisco Employee

Well, if you are thinking about stacking both devices like so:


ISP-----Out-ASA/IPS-In---Out-ASA/CSC----inside


You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but this will create some security concerns.


I hope this helps


shijomon scaria Fri, 02/29/2008 - 23:26

So as you said, I can connect both devices back to back, from any port on one to any port on the other, isn't it?


Like

ISP <--> ASA1 GE0

ASA1 GE1 <--> ASA2 GE0

ASA2 GE1 <--> Inside

onlyabhishek007 Fri, 03/07/2008 - 00:13



You can use one firewall as a routing device and the other firewall in transparent mode, so the network diagram is like:


ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch
