03-20-2008 02:11 AM - edited 03-11-2019 05:20 AM
Hi,
I need to design the outer firewall for my company. Now I'm in doubt about the design and about the product choice.
The situation is:
We have provider equipment facilitating 2 ports on the inside, one for internet and one for our branch offices. I need to create 2 DMZs on that firewall. Is it sufficient to do it with an ASA 5510, or do I need to use an ASA 5520, as we will at a later stage use high availability?
I will include 2 drawings of phase 1 and phase 2 as I see it.
Is the design correct?
Can anyone help me with this one?
Jorg
03-20-2008 02:19 AM
You can have 2 DMZs on either the 5510 or the 5520. They have the same number of ports (4 interfaces, 1 management). The differences are the throughput and the type of interfaces. On the 5510 the interface type is FastEthernet, and the 5520 gives you gigabit interfaces. Throughput on the 5510 is 300 Mbps and on the 5520 450 Mbps.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Let me know if you need help with the config.
Franco.
Please rate if this helps.
03-20-2008 02:27 AM
Hi,
Thanks for the quick response.
So I need the 5510 with the Security Plus license.
Is it possible to upgrade to 3 DMZs, or do I need to buy another ASA appliance?
Cheers
Jorg
03-20-2008 03:18 AM
Will the ASA be used only for DMZ traffic in your design? Are you planning to route any other traffic on the ASA?
03-20-2008 03:34 AM
Hi,
The ASA will be doing client IPsec VPN tunnels, traffic for the DMZ, and also allowing some traffic for the second firewall, like SSL VPN.
Cheers
03-20-2008 02:28 AM
Hi Francisco,
Do you also have configuration examples, as I do need to write the functional and technical design?
Thanks