02-19-2009 05:10 PM - edited 03-11-2019 07:53 AM
Dear Sir,
I have a pair caption ASA(A/A) connected to a pair of 3560 switches. The ASAs are for SSL VPN access from the Internet only. We have another firewall outside to serve the firewall function.
1. Do I need to put the local servers behind the ASAs?
2. Do both ASAs need to connect to both 3560s?
3. Should I create a VLAN for the ASAs?
Thanks.
02-20-2009 07:41 AM
Your post is extremely vague.
1) Most likely yes, you would want to put your servers behind a firewall.
2) Technically no, but why wouldn't you?
3) You just want the ASAs to be on a segment behind your external firewall, so you can create a VLAN or not.
02-20-2009 10:37 PM
My design is further modified as below.
1. 2 x 3750G
2. 2 x ASA5520 (SSL VPN)
3. Web-Production & Web-Testing
1) Connect each ASA5520 to one 3750G through the FastEthernet port.
2) Each web server connects to both ASA5520. Thus all four Gigaports are used up.
3) VLANs are created on ASA, one for production and the other for testing.
4) Two ASAs are configured as A/A.
Besides, there are APP and DB servers, which are located in another network zone.
Is the design a good one, or any other idea?
Thanks.
02-21-2009 04:06 AM
Design revised.
1) Connect each ASA5520 to the two 3750G through the GigaEthernet ports.
2) Each web server connects to both ASA5520. Thus all four GigaEthernet ports are used up.
3) The two ASA5520 are interconnected through the FastEthernet port.
4) VLANs are created on ASA, one for production and the other for testing.
5) Two ASAs are configured as A/A.
What do you think?
Thanks.