Today I'm going to be reorganizing my network, kind of, and I just wanted to get a second opinion. Right now I have an ASA 5510, a Cisco 2911 and a Cisco 2960 (and I have two more 2911s and 2960s that handle our phone network).
How the network is set up now:
Router 2911 is on the edge. Gi0/0 has the public IP, Gi0/1 is not used, and then I have 5 individual VLANs (Gi0/1.100, 1.200, 1.300, 1.400, 1.500).
VLAN100 is our internal network 10.10.18.1/24 (router is 10.10.18.1)
And the 2960 is used for switchport access; the ASA is on the side and only used as a VPN.
What I want to do is put the ASA on the edge so I can dump all the access-lists and everything, then the 2911 will only be used to route the traffic. Now I know I will have to reconfigure the VPN, which isn't a problem. My question is: when putting the ASA on the edge, do I just put the public IP on the ASA's e0/0 and then plug the 2911 into the e0/1 of the ASA and give the Gi0/0 of the 2911 the IP address of 10.10.18.1, or do I just shut it down? The reason behind this is that I would actually like to use the ASA for more than just the VPN passthrough.
If the Internet connection comes to you as Ethernet, I don't see that you need the router at all. There may be some license and/or model limitations, but the ASA can certainly handle 5 internal VLANs and a single external port.
Take the wire connecting the router to the switch today and plug the router end into the ASA internal interface. Configure all 5 VLANs on the ASA. Take the external wire connected to the router and plug it into the external interface of the ASA. Configure the external interface of the ASA with the external IP of the router. Move all ACLs to the ASA. Turn off the router.
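A sketch of the ASA side of the steps in the reply above, added here as an example and not taken from any poster's configuration. Only VLAN 100 with 10.10.18.1/24 comes from the thread; the public address, the other four subnets, the interface names and the security levels are placeholders, and NAT, the migrated ACLs and the VPN are not shown.

```cisco
! Added example. Placeholders: 203.0.113.x (outside), 192.0.2.x (VLANs 200-500),
! the nameif labels and the security levels. From the thread: VLAN 100, 10.10.18.1/24.
interface Ethernet0/0
 description Outside, takes over the public IP that was on the 2911 Gi0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
 no shutdown
!
interface Ethernet0/1
 description 802.1Q trunk to the 2960 (was the 2911 Gi0/1)
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1.100
 vlan 100
 nameif inside
 security-level 100
 ip address 10.10.18.1 255.255.255.0
!
interface Ethernet0/1.200
 vlan 200
 nameif vlan200
 security-level 50
 ip address 192.0.2.1 255.255.255.192
!
interface Ethernet0/1.300
 vlan 300
 nameif vlan300
 security-level 50
 ip address 192.0.2.65 255.255.255.192
!
interface Ethernet0/1.400
 vlan 400
 nameif vlan400
 security-level 50
 ip address 192.0.2.129 255.255.255.192
!
interface Ethernet0/1.500
 vlan 500
 nameif vlan500
 security-level 50
 ip address 192.0.2.193 255.255.255.192
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```

Unlike the router, the ASA does not forward between these VLANs just because they are configured: traffic from a lower to a higher security level needs an ACL, and interfaces that share a level (here VLANs 200 to 500) cannot reach each other unless `same-security-traffic permit inter-interface` is set. Decide the inter-VLAN policy before cutting over, since anything the 2911 routed implicitly will otherwise be dropped.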
If you just want to use the router because you have one, then I would recommend keeping it ahead of the ASA, i.e. your WAN side network boundary. Otherwise you can set the router aside and use the ASA as your WAN gateway, with the LAN side terminating directly on the Cisco 2960 switch.