Front and backend ASA scenario

Answered Question
Jan 18th, 2010

I am working to setup a front and backend ASA sceanrio.

I will have some servers connected to frontend ASA ( will need access from internet), as well some servers( will need access from the internet as well) and PC on the back of second ASA.

how should I configure the ASA?

Internet---->frontend ASA----------Backend ASA---------PC and servers

There will be some servers connected back of the front end ASA as well

any help will be appreciated

thanks

Correct Answer by Kureli Sankar about 7 years 1 month ago

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Kureli Sankar Mon, 01/18/2010 - 13:39

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

r-jain Mon, 01/18/2010 - 14:02

What am I looking , there are 2 ASA in the configuration
.I believe one should be configured in  tranparent mode and the second in routed mode.

there will be some devices behind the first firewall, and there will be some devices behind the second ASA ( seond ASA  is in the back of the first ASA).

Some of these devices are webserver in the back of the both ASA's which will require static and NAT transaltion to have access from the public network.

I hope this will clearfy you to my question.

Collin Clark Mon, 01/18/2010 - 14:27

Typically in a two tiered firewall design, the first firewall performs NAT and gives public access to front-end servers. These servers are usually reverse-proxy servers meaning they contain no or very little actual data. They make calls to the servers in your protect LAN and the second firewall restricts that access. If you make the first transparent, the servers will need public routable addresses. That will work.

r-jain Mon, 01/18/2010 - 14:33

thanks for the reply. I will try next week, let's see whow does it go?

thanks for reply

Actions

This Discussion