Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Designing ASA Firewall

Hi,

I need to desing the outer firewall for my company. Now i'm doubting about the design and about the product choice.

The situation is

We have a provider equipment facilitation 2 ports at the inside. One for internet and one for our brache offices. I need to create 2 DMZ on that firewall. Is it sufficent to do it with a ASA 5510 or do I need to use ASA 5520, as we will in a later stadium high availability.

I will include 2 drawings of phase 1, and phase 2 as i see it.

Is the design correct?

Can anyone help me with this one.

Jorg

5 REPLIES

Re: Designing ASA Firewall

you can have 2 dmz on either 5510 or 5520. they have the same number of ports (4 interfaces, 1 management). the differences are the throughput and type of interfaces. on the 5510 the interface type is fastethernet and on the 5520 gives you a gig interfaces. throughput on the 5510 300 Mbps and the 5520 450 Mbps.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Let me know if you neewd help with config.

Franco.

Please rate if this helps.

New Member

Re: Designing ASA Firewall

Hi,

Thanx for the quick response.

So i need the 5510 with security plus license.

Is it possible to upgrade to 3 DMZ or do i need to buy another ASA appliance?

cheers

Jorg

Re: Designing ASA Firewall

will the asa on be used for only dmz traffic in your design? are you planning to route any other traffic on the asa?

New Member

Re: Designing ASA Firewall

Hi,

The ASA will be doing Client IPSEC vpn Tunnels, traffic for DMZ, and allowing also some traffic for the second firewall like SSL vpn

Cheers

New Member

Re: Designing ASA Firewall

Hi Francisco,

Do you also have configuration examples, as i do need to write the functional and techinal design.

Thanks

150
Views
5
Helpful
5
Replies
CreatePlease to create content