It has alway been by belief that any firewall including the ASA should always be positioned behind a screening router as an additional layer of security. Is this still a valid concept with the ASA or is the ASA itself enough? Just wanted to know what the concenus out there was on this subject.
With properly configured ASA (tight ACLs, IDS on, anti-spoof/RPF on) I don't see what another router could add. Unless there's something a routing protocol reason (e.g. BGP, EIGRP) or rate limiting reason.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...