02-10-2009 12:31 AM - edited 03-10-2019 04:29 AM
I have 2 unit ASA 5520 with AIP-SSM-20 for front-end and 2 units ASA5520 with AIP_SSM-20 for back-end.I also have 2 units catalyst 6509. How should my design looks like.
02-10-2009 08:46 AM
You need to provide much more detail on the goals your design is trying to achieve.
Are the asa pairs for reduntancy?
What do you mean front-end and back-end, to what?
What networks feed into and out of this hardware?
02-10-2009 05:35 PM
Yes. Pairs of ASA is for redundancy. Front end mean to internet edge.Back end means internal network.
02-11-2009 11:27 AM
ASA pairs for redundancy makes sence, but I do not understand why you are using two sets of firewalls? what is between these two ASA pairs?
02-11-2009 05:43 PM
Between these two ASA pairs is a pair of catalyst 6509. The internal network is purely flat network. Do i need two pairs of ASA?
Thanks.
02-12-2009 09:18 AM
It all depends on what you are trying to accomplish and what features you are using in each ASA. The outside ASA, as a firewall can host serveral inside networks (limited by the number of interfaces in the ASA) each netowrk can have a different firewall policy assigned. If that meets your firewall needs, then you might not require a second set of ASAs.
You have not provided enough network requirements detail to even make an guess of what you need.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: