Interconnecting ASA 5505

Answered Question
May 3rd, 2012

I have been using the ASA 5505 with Security Plus license without issues. Its main purpose was to split 3 networks:

1.- LAN - 10.1.10.0/24

2.- Wi-Fi - 192.168.1.0/24 (Handheld application)

3.- Access Server - 10.10.1.0/24 (Authenticate Wireless Devices)

On the firewall, the Wi-Fi can only access the Access Server network. The Access Server network can only access the LAN. Set with ACLs; simple, no issues.

My Challenge:

A client has 4 offices in a building, where they will be running 4 firewalls like the following:

Office1:

ASA5505: LAN / Wi-Fi

Office2:

ASA5505: LAN / Wi-Fi

Office3:

ASA5505: LAN / Wi-Fi

Office4:

ASA5505: LAN / Wi-Fi / Access Server

They want me to put in four firewalls, and interconnect all of them so all the offices can talk to each other on the same LAN. I am not sure how to handle it.

I have never done this kind of setup before. If I connect two firewalls on their switch ports on the same subnet, will they communicate by design? And if that works, can I make Wi-Fi in Office1 talk to the Access Server in Office4?

I was planning initially to go with 4 switches with VLANs, but they want to go with firewalls.

I don't have the lab to test this; I have spent time researching without a true answer. Thank you for your feedback.

Correct Answer by mayrojas about 1 year 11 months ago

Hola Enrique,

What is the firewall going to do then? If at the end they will all talk to each other and they will have the same subnet? How many users per office? Are they planning just to use the switchports of the ASAs but not the firewall capability?

You might as well just put all the switchports on the same VLAN and interconnect the hosts; that's the only thing that I can think of...

We may need a topology to understand better, and to know what kind of isolation (if any) there is going to be. You should be able to get them (Access Server and Wi-Fi) to communicate with no issues, as the ASA is an L3 device, so you may end up using one VLAN for the LAN, one VLAN for the Wi-Fi and, in the case of Office 4, one additional VLAN for the Access Server.

I will be glad to help you further.

Mike

mayrojas Thu, 05/03/2012 - 21:25

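The three-VLAN layout the answer suggests for Office 4, combined with the access policy described in the question, could look like the following on a single ASA 5505. This is an added configuration sketch, not a config posted by either participant; the interface names, security levels, `.1` gateway addresses, port assignments and ACL names are assumptions.

```cisco
! Added sketch for the Office 4 ASA 5505 (Security Plus license).
! Assumed, not from the thread: interface names, security levels,
! .1 gateway addresses, port assignments and ACL names.
interface Vlan1
 nameif lan
 security-level 100
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan2
 nameif wifi
 security-level 10
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
 nameif access-srv
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
! Switch ports: one access VLAN per segment.
interface Ethernet0/1
 switchport access vlan 1
!
interface Ethernet0/2
 switchport access vlan 2
!
interface Ethernet0/3
 switchport access vlan 3
!
! Wi-Fi may reach only the Access Server network.
access-list WIFI_IN extended permit ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list WIFI_IN extended deny ip any any log
access-group WIFI_IN in interface wifi
!
! Access Server network may reach only the LAN.
access-list ACCESS_IN extended permit ip 10.10.1.0 255.255.255.0 10.1.10.0 255.255.255.0
access-list ACCESS_IN extended deny ip any any log
access-group ACCESS_IN in interface access-srv
!
! The lan interface has no ACL here, so it follows the default
! security-level rule (higher level to lower level is permitted).
```

To confirm that the isolation holds, `packet-tracer input wifi tcp 192.168.1.50 40000 10.1.10.20 443` (host addresses constructed for illustration) should report the flow dropped by the `WIFI_IN` access list.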