Designing ASA Firewall

jorg.ramakers · ‎03-20-2008

Hi,

I need to desing the outer firewall for my company. Now i'm doubting about the design and about the product choice.

The situation is

We have a provider equipment facilitation 2 ports at the inside. One for internet and one for our brache offices. I need to create 2 DMZ on that firewall. Is it sufficent to do it with a ASA 5510 or do I need to use ASA 5520, as we will in a later stadium high availability.

I will include 2 drawings of phase 1, and phase 2 as i see it.

Is the design correct?

Can anyone help me with this one.

Jorg

francisco_1 · ‎03-20-2008

you can have 2 dmz on either 5510 or 5520. they have the same number of ports (4 interfaces, 1 management). the differences are the throughput and type of interfaces. on the 5510 the interface type is fastethernet and on the 5520 gives you a gig interfaces. throughput on the 5510 300 Mbps and the 5520 450 Mbps.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Let me know if you neewd help with config.

Franco.

Please rate if this helps.

jorg.ramakers · ‎03-20-2008

Hi,

Thanx for the quick response.

So i need the 5510 with security plus license.

Is it possible to upgrade to 3 DMZ or do i need to buy another ASA appliance?

cheers

Jorg

francisco_1 · ‎03-20-2008

will the asa on be used for only dmz traffic in your design? are you planning to route any other traffic on the asa?

jorg.ramakers · ‎03-20-2008

Hi,

The ASA will be doing Client IPSEC vpn Tunnels, traffic for DMZ, and allowing also some traffic for the second firewall like SSL vpn

Cheers

jorg.ramakers · ‎03-20-2008

Hi Francisco,

Do you also have configuration examples, as i do need to write the functional and techinal design.

Thanks