Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Front and backend ASA scenario

I am working to setup a front and backend ASA sceanrio.

I will have some servers connected to frontend ASA ( will need access from internet), as well some servers( will need access from the internet as well) and PC on the back of second ASA.

how should I configure the ASA?

Internet---->frontend ASA----------Backend ASA---------PC and servers

There will be some servers connected back of the front end ASA as well

any help will be appreciated

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Front and backend ASA scenario

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

4 REPLIES
Cisco Employee

Re: Front and backend ASA scenario

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

New Member

Re: Front and backend ASA scenario

What am I looking , there are 2 ASA in the configuration
.I believe one should be configured in  tranparent mode and the second in routed mode.

there will be some devices behind the first firewall, and there will be some devices behind the second ASA ( seond ASA  is in the back of the first ASA).

Some of these devices are webserver in the back of the both ASA's which will require static and NAT transaltion to have access from the public network.

I hope this will clearfy you to my question.

Re: Front and backend ASA scenario

Typically in a two tiered firewall design, the first firewall performs NAT and gives public access to front-end servers. These servers are usually reverse-proxy servers meaning they contain no or very little actual data. They make calls to the servers in your protect LAN and the second firewall restricts that access. If you make the first transparent, the servers will need public routable addresses. That will work.

New Member

Re: Front and backend ASA scenario

thanks for the reply. I will try next week, let's see whow does it go?

thanks for reply

267
Views
0
Helpful
4
Replies
CreatePlease login to create content