I'm deploying an HA ASA primary / standby with 1 GSS and ACE in primary and standby at DC 1 and the same at DC 2.
Before I get to deep into the technology here is a basic layout of the network
Two Layer 2 switches with servers dual homed between each layer 2 switch.
The switches are cross connected with ether-channel, running spanning tree 802.1w primary root and secondary root defined on them and the servers are running network bonding software.
The network will have two Cisco ASA firewalls one running primary and the other standby mode.
One GSS devices and two Cisco ASA running primary and standby for server load balancing of the website.
I would like some ideas on how to physical connect the devices.
My first design is as such
1. GSS on the public internet side
2. Cisco ASA with three interfaces outside / inside / DMZ
3. ACE with two interfaces on the inside network and on the DMZ network
4. Servers hosted on the DMZ network
5. ACE inside network interface used for management
6. ACE DMZ network interface used for incoming load balancing
Can we improve on the design idea above for more efficient use but keeping things simple?
How does GSS communicate with ACE? Do I need to place another GSS interface on the DMZ side or the internal side?
Do I keep GSS on the internal network and publish the required protocols for external DNS communication and communicate to the other GSS over the ASA?
What will be the servers default gateway? The ACE or the ASA, I believe the ACE
Thanks a lot for everyone's contribution