Designing ASA Firewall

Unanswered Question
Mar 20th, 2008


I need to design the outer firewall for my company. Now I'm doubting about the design and about the product choice.

The situation is

We have provider equipment facilitating 2 ports on the inside: one for internet and one for our branch offices. I need to create 2 DMZs on that firewall. Is it sufficient to do it with an ASA 5510, or do I need to use an ASA 5520, as we will have high availability at a later stage?

I will include 2 drawings of phase 1 and phase 2 as I see it.

Is the design correct?

Can anyone help me with this one?


francisco_1 Thu, 03/20/2008 - 02:19

You can have 2 DMZs on either the 5510 or the 5520. They have the same number of ports (4 interfaces, 1 management). The differences are the throughput and the type of interfaces. On the 5510 the interface type is FastEthernet, and the 5520 gives you gig interfaces. Throughput on the 5510 is 300 Mbps and on the 5520 450 Mbps.

Let me know if you need help with config.


Please rate if this helps.

jorg.ramakers Thu, 03/20/2008 - 02:27


Thanks for the quick response.

So I need the 5510 with Security Plus license.

Is it possible to upgrade to 3 DMZs, or do I need to buy another ASA appliance?



francisco_1 Thu, 03/20/2008 - 03:18

Will the ASA be used for only DMZ traffic in your design? Are you planning to route any other traffic on the ASA?

jorg.ramakers Thu, 03/20/2008 - 03:34


The ASA will be doing client IPsec VPN tunnels, traffic for the DMZ, and also allowing some traffic for the second firewall, like SSL VPN.


jorg.ramakers Thu, 03/20/2008 - 02:28

Hi Francisco,

Do you also have configuration examples, as I do need to write the functional and technical design?


