Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
0
Helpful
5
Replies

ASA5510 with 2811 ISR

Go to solution
femi.agboade
Level 1
Level 1

‎05-27-2012 02:23 PM - edited ‎03-11-2019 04:12 PM

Hello,

I have a 2811 ISR configured to provide the following services to my network:

  • Internet access to LAN users
  • Cisco Call Manager Express
  • Site-to-stie VPN to 3rd party networks
  • VPN server to provide VPN access to remote users
  • Security Zone configurations
  • Static NAT configurations

Now I recently just got the ASA5510 device and I am not sure how to go about with the setup, whether to put the ASA in between the internet and the ISR (Internet - ASA - ISR - LAN), or put the ISR in between the internet and the ASA (Internet - ISR - ASA - LAN)?

While i know I can move most of the config unto the ASA, i know that the CME cannot be moved, hence I would like to do the setup such that users on the network still have access to CME.

Suggestions please.

Regards,

Femi

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to femi.agboade

‎05-28-2012 09:43 AM

Hello Femi,

I would go with the following topology:

(Internet - ASA - ISR - LAN)

So you can provide a layer of security on the border of the network.

You will need to determin if you want to build some of the configuration on the router on the ASA or open all the right ports and inspections if you are going to do it on the router.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎05-27-2012 03:07 PM

Duplicate posts.  

0 Helpful

Go to solution
femi.agboade
Level 1
Level 1
In response to Leo Laohoo

‎05-28-2012 05:45 AM

Hi,

Sorry about that. Wasnt sure where to post the question. So any suggestion?

Regards,

Femi

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to femi.agboade

‎05-28-2012 09:43 AM

Hello Femi,

I would go with the following topology:

(Internet - ASA - ISR - LAN)

So you can provide a layer of security on the border of the network.

You will need to determin if you want to build some of the configuration on the router on the ASA or open all the right ports and inspections if you are going to do it on the router.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
femi.agboade
Level 1
Level 1
In response to Julio Carvajal

‎05-29-2012 04:11 AM

Hello Julio,

Thanks for the response. I am not familiar with the ASA, hence my confusion on how to go about setting it up with the existing infrastructure. However, I'll consider your suggestion and try to simulate in a virtual environment.

Thanks again.

Regards,

Femi

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to femi.agboade

‎05-29-2012 10:13 AM

Hello Femi,

Sure, it is our pleasure to help.

If you do not have any other query please mark the question as answered so future users can learn from

this topic.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card