Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA5510-SSL250-K9

Dear Sir,

I have a pair caption ASA(A/A) connected to a pair of 3560 switches. The ASAs is for SSL VPN access from Internet only. We have other firewall outside to serve the firewall function.

1. Do I need to put the local servers behind the ASAs?

2. Do both ASAs need to connect to both 3560s?

3. Should I creat a vlan for the ASAs?

Thanks.

3 REPLIES
Community Member

Re: ASA5510-SSL250-K9

Your post is extremely vague.

1) most likely yes you would want to put your servers behind a firewall.

2) technically no but why wouldn't you.

3) you just want the ASA's to be on a segment behind your external firewall so you can create a VLAN or not.

Community Member

Re: ASA5510-SSL250-K9

My design is further modified as below.

1. 2 x 3750G

2. 2 x ASA5520 (SSL VPN)

3. Web-Production & Web-Testing

1) Connect each ASA5520 to one 3750G through the FastEthernet port.

2) Each web server connect to both ASA5520. Thus all four Gigaports are used up.

3) VLANs are created on ASA, one for production and the other for testing.

4) Two ASAs are configured as A/A.

Besides, there are APP and DB servers, which are location in another network zone.

Is the design a good one, or any other idea?

Thanks.

Community Member

Re: ASA5510-SSL250-K9

Design revised.

1) Connect each ASA5520 to the two 3750G through the GigaEthernet ports.

2) Each web server connect to both ASA5520. Thus all four GigaEthernet ports are used up.

3) The two ASA5520 are interconnected through the FastEthernet port.

4) VLANs are created on ASA, one for production and the other for testing.

4) Two ASAs are configured as A/A.

What do you think?

Thanks.

224
Views
0
Helpful
3
Replies
CreatePlease to create content