Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Two ASAs in a network

I need to install two ASAs, one with AIP-SSM module and other with CSC-SSM in the same network. Is it possible? If so how can i connet the two devices together.

5 REPLIES
Cisco Employee

Re: Two ASAs in a network

You can if you are not planning on using failover, since both unit need to report the same hardware type.

Here is the link that details the failover requirements:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#failgi

New Member

Re: Two ASAs in a network

Thank you sir,

can u please specify the physical connection details..... Actually i need to pass the traffic through both the devices one after another to get the IPS and Anti X features.... Then how should i connet both the devices together??

Cisco Employee

Re: Two ASAs in a network

Well, if you are thinking about stacking both devices like so:

ISP-----Out-ASA/IPS-In---Out-ASA/CSC----inside

You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but, this will create some security concerns.

I hope this helps

New Member

Re: Two ASAs in a network

So as u said i can connet both devices back to back, from one's any port to other's any port, isnt it..??

Like

ISP <--> ASA1 GE0

ASA1 GE1 <--> ASA2 GE0

ASA2 GE1 <--> Inside

New Member

Re: Two ASAs in a network

u can use the on firewall as a routing device and another firewall as a tranparent mode. so the network diagram like

ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch

152
Views
0
Helpful
5
Replies
CreatePlease to create content