
ASA with IDS, VPN and Dual FW DMZ

Unanswered Question
Dec 9th, 2013

Hi gurus,


We're setting up a lab environment for a fictive case and have to show a prototype. We want to know if the following is possible.


Following hardware is available:

1x ASA 5510 with an SSM-10 module
2x Catalyst 2960 series
2x 2800 series
1x HP Proliant DL 360G7 (ESXi 5.1 machine) with 4 NICs
1x Zywall 5


- We want to accomplish that users are able to (SSL and IPsec) VPN into the ASA and the ASA puts the VPN users into the 10.1.4.x range.
- Also setting up a branch which uses the Zywall 5 to make a site-to-site connection with the ASA. Puts it into the 10.1.4.x range.
- ESX has a couple of machines with different functions in different subnets. (Routes will be made in the FW.) Machines in different subnets was a requirement.


LAN contains:

  • AD (10.1.1.x)
  • mailserver (10.1.3.x)
  • database (10.1.2.x)
  • user desktops (10.1.5.x)


DMZ contains: (Dual firewall, ASA is outer and a 2800 is inner to connect to LAN)

  • Webserver (10.1.6.x)
  • Honeypot (10.1.6.x)



Branch will have a Zywall 5 with 10.2.x.x internal LAN ranges and a laptop for testing purposes.


See attached image for clarification.


Would this VPN be possible (WITHOUT 2 ASAs, one in each location, so 1 ASA and a Zywall 5)?

Also is this the correct placement for the ASA with IDS?
