New Member

Two ASAs in a network

I need to install two ASAs, one with AIP-SSM module and other with CSC-SSM in the same network. Is it possible? If so how can i connet the two devices together.

Cisco Employee

Re: Two ASAs in a network

You can if you are not planning on using failover, since both unit need to report the same hardware type.

Here is the link that details the failover requirements:

New Member

Re: Two ASAs in a network

Thank you sir,

can u please specify the physical connection details..... Actually i need to pass the traffic through both the devices one after another to get the IPS and Anti X features.... Then how should i connet both the devices together??

Cisco Employee

Re: Two ASAs in a network

Well, if you are thinking about stacking both devices like so:


You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but, this will create some security concerns.

I hope this helps

New Member

Re: Two ASAs in a network

So as u said i can connet both devices back to back, from one's any port to other's any port, isnt it..??


ISP <--> ASA1 GE0

ASA1 GE1 <--> ASA2 GE0

ASA2 GE1 <--> Inside

New Member

Re: Two ASAs in a network

u can use the on firewall as a routing device and another firewall as a tranparent mode. so the network diagram like

ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch

