Firewall interconnects


Need expert opinion on which one of the below is considered best practice and why...

     Option-1

               RTR-1----ASA----SW-1
                   \   /   \   /
                 |       |       |
                   /   \   /   \
               RTR-2----ASA----SW-2

     Option-2

               RTR-1----ASA----SW-1
                 |       |       |
               RTR-2----ASA----SW-2

Jon Marshall Mon, 12/21/2009 - 08:40

Neither actually. You need L2 adjacency between the ASA interfaces and although you have that on the switch side you don't on the router side. It should be

RTR1 -- SW1 -- ASA1 -- SW2
  |      |      |       |
RTR2 -- SW3 -- ASA2 -- SW4

Jon
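
The L2-adjacency point in the reply above can be checked mechanically. This is an added example, not part of the original posts: it models Option-2 and the suggested layout as link lists and tests whether each pair of ASA interfaces shares a segment. The port labels (`ASA1:outside`, `ASA1:inside`) and the rule that only switches forward frames, while routers and ASA interfaces terminate the segment, are assumptions of the model.

```python
from collections import deque

def l2_adjacent(links, a, b):
    """True if port a reaches port b while crossing only switches."""
    graph = {}
    for x, y in links:
        graph.setdefault(x, set()).add(y)
        graph.setdefault(y, set()).add(x)
    seen, queue = {a}, deque([a])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt == b:
                return True
            # Assumption: only nodes named SW* forward Ethernet frames;
            # routers and ASA ports end the L2 segment.
            if nxt.startswith("SW") and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def check(links):
    """Per-side result: do the two ASAs' interfaces share an L2 segment?"""
    return {side: l2_adjacent(links, f"ASA1:{side}", f"ASA2:{side}")
            for side in ("outside", "inside")}

# Option-2 from the question: ASAs cabled straight to the routers.
OPTION_2 = [
    ("RTR-1", "ASA1:outside"), ("ASA1:inside", "SW-1"),
    ("RTR-2", "ASA2:outside"), ("ASA2:inside", "SW-2"),
    ("RTR-1", "RTR-2"), ("SW-1", "SW-2"),
    ("ASA1:link", "ASA2:link"),  # middle ASA-to-ASA link, separate port
]

# Layout from the reply: a switch on both sides of each ASA.
REPLY_LAYOUT = [
    ("RTR1", "SW1"), ("SW1", "ASA1:outside"), ("ASA1:inside", "SW2"),
    ("RTR2", "SW3"), ("SW3", "ASA2:outside"), ("ASA2:inside", "SW4"),
    ("RTR1", "RTR2"), ("SW1", "SW3"), ("SW2", "SW4"),
    ("ASA1:link", "ASA2:link"),
]

if __name__ == "__main__":
    for name, topo in (("Option-2", OPTION_2), ("Reply layout", REPLY_LAYOUT)):
        print(name, check(topo))
```
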
