ASA5510-SSL250-K9

josephschung · ‎02-19-2009

Dear Sir,

I have a pair caption ASA(A/A) connected to a pair of 3560 switches. The ASAs is for SSL VPN access from Internet only. We have other firewall outside to serve the firewall function.

1. Do I need to put the local servers behind the ASAs?

2. Do both ASAs need to connect to both 3560s?

3. Should I creat a vlan for the ASAs?

Thanks.

cdusio · ‎02-20-2009

Your post is extremely vague.

1) most likely yes you would want to put your servers behind a firewall.

2) technically no but why wouldn't you.

3) you just want the ASA's to be on a segment behind your external firewall so you can create a VLAN or not.

josephschung · ‎02-20-2009

My design is further modified as below.

1. 2 x 3750G

2. 2 x ASA5520 (SSL VPN)

3. Web-Production & Web-Testing

1) Connect each ASA5520 to one 3750G through the FastEthernet port.

2) Each web server connect to both ASA5520. Thus all four Gigaports are used up.

3) VLANs are created on ASA, one for production and the other for testing.

4) Two ASAs are configured as A/A.

Besides, there are APP and DB servers, which are location in another network zone.

Is the design a good one, or any other idea?

Thanks.

josephschung · ‎02-21-2009

Design revised.

1) Connect each ASA5520 to the two 3750G through the GigaEthernet ports.

2) Each web server connect to both ASA5520. Thus all four GigaEthernet ports are used up.

3) The two ASA5520 are interconnected through the FastEthernet port.

4) VLANs are created on ASA, one for production and the other for testing.

4) Two ASAs are configured as A/A.

What do you think?

Thanks.