Recommend to use router

techtone · ‎01-12-2017

I need opinions on how to connect our Cisco ASA5545 firewall to the internet router. In the past we would create a vlan for outside traffic, say vlan 200. This VLAN would have 2 ports configured on a switch, one for the outside interface of the firewall and one for the internet routers inside interface.

Is this the recommended way of doing it or can I simple run the cable from the internet router directly to the outside interface on the Firewall? Thanks

MANI .P · ‎01-12-2017

Recommend to use router infront of firewall .

Thanks,

Mani

Karsten Iwen · ‎01-12-2017

You can directly connect the ASA to the router. But there are some options you could consider:

If you plan to add a second ISP in the future, you could directly configure subinterfaces with VLANs on the ASA interface. With that you can later add additional VLANs for the second ISP. For this to work you need a switch between ASA and ISP-router with a Trunk-port to the ASA and an Access-port to the ISP.
If you later want to add a second ASA for HA, you should also use switches between the ASAs and the ISP. Here for redundancy you could configure two physical interfaces for your connection to both switches.
And of course you could combine the redundant interfaces with subinterfaces for maximum flexibility and redundancy.

Aref Alsouqi · ‎01-12-2017

That would be needed only if you want to use the same switch you are currently using for other segments, and you want to isolate the ASA outside interface traffic in a dedicated VLAN on the same switch. If not, you can just connect the ASA to the ISP router directly.

Regards,

Aref

ASA 5545 outside interface