
Interconnecting ASA 5505

I have been using the ASA 5505 with the Security Plus license without issues. Its main purpose was to split 3 networks:

1.- LAN - 10.1.10.0/24

2.- Wi-Fi - 192.168.1.0/24 (Handheld application)

3.- Access Server - 10.10.1.0/24 (Authenticate Wireless Devices)

On the firewall, the Wi-Fi can only access the Access Server network. The Access Server network can only access the LAN. Set with ACLs; simple, no issues.

My Challenge:

A client has 4 offices in a building, where they will be running 4 firewalls like the following:

Office1:

ASA5505: LAN / Wi-Fi

Office2:

ASA5505: LAN / Wi-Fi

Office3:

ASA5505: LAN / Wi-Fi

Office4:

ASA5505: LAN / Wi-Fi / Access Server

They want me to put four firewalls, and interconnect all of them so all the offices can talk to each other on the same LAN. I am not sure how to handle it.  

I have never done this kind of setup before. If I connect two firewalls on their switch ports on the same subnet, will they communicate by design? And if that works, can I make Wi-Fi in office1 talk to the Access Server in office4?

I was planning initially to go with 4 switches with VLANs, but they want to go with firewalls.

I don’t have the lab to test this; I spent time researching without a true answer. Thank you for your feedback.

Accepted Solution

Maykol Rojas
Cisco Employee

Hola Enrique,

What is the firewall going to do then? If at the end they will all talk to each other and they will have the same subnet? How many users per office? Are they planning just to use the switchports of the ASAs but not the firewall capability?

You might as well just put all the switchports on the same VLAN and interconnect the hosts; that's the only thing that I can think of....

We may need a topology to understand better and what kind of isolation (if any) there is going to be. You should be able to get them (Access Server and Wi-Fi) communicating with no issues, as the ASA is an L3 device, so you may end up using one VLAN for the LAN, one VLAN for the Wi-Fi and, in the case of Office 4, one additional VLAN for the Access Server.

I will be glad to help you further.

Mike
