I have two ASA devices: a 5510 with IPS and a 5520 with content scanning. The 5510 sits behind the 5520. I want the 5520 to perform all firewall functions along with content scanning for spyware and viruses. The 5510 will be used purely for IPS for traffic that has been allowed through the 5520. Is there a way to effectively turn off the firewall on the 5510? Are there any inherent problems with this configuration?
Yes, you can turn off the firewall on the ASA. To do this, remove any interface that is in outside or inside; better, place all interfaces at the same security level. Then permit all traffic between the same-security-level interfaces and remove any other config that was used for the firewall.
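A check for the layout the answer describes, added here as an example and not part of the original thread: it reads a running-config and reports anything that departs from that layout. The sample config, its interface names and security level 50 are constructed, and treating `access-group` bindings as leftover firewall config is an assumption.

```python
# Constructed sample of a 5510 running-config laid out as the answer describes.
# Interface names and the level 50 are assumptions, not values from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif ips-in
 security-level 50
!
interface Ethernet0/1
 nameif ips-out
 security-level 50
!
same-security-traffic permit inter-interface
"""


def audit_passthrough(config):
    """Return a list of findings; an empty list means the config matches the answer."""
    findings, levels, name = [], {}, None
    lines = [line.strip() for line in config.splitlines()]
    for s in lines:
        if s.startswith("interface "):
            name = None                       # a new interface block begins
        elif s.startswith("nameif "):
            name = s.split()[1]
            levels[name] = None               # level is filled in by the next match
        elif s.startswith("security-level ") and name:
            levels[name] = int(s.split()[1])
    # The answer says to remove interfaces that are still "inside" or "outside".
    for n in levels:
        if n in ("inside", "outside"):
            findings.append(f"interface still named '{n}'")
    # All named interfaces must share one security level.
    if len(set(levels.values())) > 1:
        findings.append(f"security levels differ: {levels}")
    # Same-level interfaces do not pass traffic to each other without this command.
    if "same-security-traffic permit inter-interface" not in lines:
        findings.append("same-security-traffic permit inter-interface is missing")
    # Assumption: ACLs still bound to interfaces count as leftover firewall config.
    findings += [f"leftover ACL binding: {s}" for s in lines if s.startswith("access-group ")]
    return findings


if __name__ == "__main__":
    for finding in audit_passthrough(SAMPLE_CONFIG) or ["config matches the described layout"]:
        print(finding)
```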