01-18-2010 01:14 PM - edited 03-11-2019 09:58 AM
I am working to setup a front and backend ASA sceanrio.
I will have some servers connected to frontend ASA ( will need access from internet), as well some servers( will need access from the internet as well) and PC on the back of second ASA.
how should I configure the ASA?
Internet---->frontend ASA----------Backend ASA---------PC and servers
There will be some servers connected back of the front end ASA as well
any help will be appreciated
thanks
Solved! Go to Solution.
01-18-2010 01:39 PM
I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.
-KS
01-18-2010 01:39 PM
I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.
-KS
01-18-2010 02:02 PM
What am I looking , there are 2 ASA in the configuration
.I believe one should be configured in tranparent mode and the second in routed mode.
there will be some devices behind the first firewall, and there will be some devices behind the second ASA ( seond ASA is in the back of the first ASA).
Some of these devices are webserver in the back of the both ASA's which will require static and NAT transaltion to have access from the public network.
I hope this will clearfy you to my question.
01-18-2010 02:27 PM
Typically in a two tiered firewall design, the first firewall performs NAT and gives public access to front-end servers. These servers are usually reverse-proxy servers meaning they contain no or very little actual data. They make calls to the servers in your protect LAN and the second firewall restricts that access. If you make the first transparent, the servers will need public routable addresses. That will work.
01-18-2010 02:33 PM
thanks for the reply. I will try next week, let's see whow does it go?
thanks for reply
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: