Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5510 with 2811 ISR

Hello,

I have a 2811 ISR configured to provide the following services to my network:

  • Internet access to LAN users
  • Cisco Call Manager Express
  • Site-to-stie VPN to 3rd party networks
  • VPN server to provide VPN access to remote users
  • Security Zone configurations
  • Static NAT configurations

Now I recently just got the ASA5510 device and I am not sure how to go about with the setup, whether to put the ASA in between the internet and the ISR (Internet - ASA - ISR - LAN), or put the ISR in between the internet and the ASA (Internet - ISR - ASA - LAN)?

While i know I can move most of the config unto the ASA, i know that the CME cannot be moved, hence I would like to do the setup such that users on the network still have access to CME.

Suggestions please.

Regards,

Femi

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

ASA5510 with 2811 ISR

Hello Femi,

I would go with the following topology:

(Internet - ASA - ISR - LAN)

So you can provide a layer of security on the border of the network.

You will need to determin if you want to build some of the configuration on the router on the ASA or open all the right ports and inspections if you are going to do it on the router.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
5 REPLIES
Hall of Fame Super Gold

ASA5510 with 2811 ISR

Duplicate posts.  

New Member

ASA5510 with 2811 ISR

Hi,

Sorry about that. Wasnt sure where to post the question. So any suggestion?

Regards,

Femi

ASA5510 with 2811 ISR

Hello Femi,

I would go with the following topology:

(Internet - ASA - ISR - LAN)

So you can provide a layer of security on the border of the network.

You will need to determin if you want to build some of the configuration on the router on the ASA or open all the right ports and inspections if you are going to do it on the router.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

ASA5510 with 2811 ISR

Hello Julio,

Thanks for the response. I am not familiar with the ASA, hence my confusion on how to go about setting it up with the existing infrastructure. However, I'll consider your suggestion and try to simulate in a virtual environment.

Thanks again.

Regards,

Femi

ASA5510 with 2811 ISR

Hello Femi,

Sure, it is our pleasure to help.

If you do not have any other query please mark the question as answered so future users can learn from

this topic.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
688
Views
0
Helpful
5
Replies
CreatePlease to create content