Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1351
Views
0
Helpful
6
Replies

ASA firewall design practice

rakesh4
Level 1
Level 1

‎12-27-2018 11:32 PM - edited ‎02-21-2020 08:36 AM

Hi,

I really need someones help with this I am a bit stumped.

I am configuring the one design latest .but i am struck in this design.let you tell me to how to configuring the ASA firewall ,router and switches to will get the internet and filtering of traffic in laptops.what configuration will make.

i am attached the my design diagram below

please give your outputs those ASA firewall ,Cisco router and Cisco switches.

Preview file
22 KB
0 Helpful
6 Replies 6

Abheesh Kumar
VIP Alumni
VIP Alumni

‎12-28-2018 12:01 AM

Hi,

My recommendation is to go with Router >> ASA >> Switch >> PC's.

Router will take care the routing features with ISP and ASA, ASA should take care the NAT and filtering of traffic towards your users.

 

Thanks,
Abheesh
PS: Please don't forget to rate and select as validated answer if this answered your question

0 Helpful

rakesh4
Level 1
Level 1
In response to Abheesh Kumar

‎12-28-2018 12:47 AM

In My organization we use TATA as a ISP.then
if i am use previously Router--Switch--PC's ,now we moved and previous configuration i am only configuring.but now we use ASA firewall to my Organization this is configured.
Router>>ASA>>Switch>>PC's .Between router interface and ASA interface how to configure and ASA interface and Switch what configuration is I am made.Here I am Using ASA As a Transparent or Routed mode.
Kindly tell me
Thanks,
Rakesh
0 Helpful

Karsten Iwen
VIP
VIP

‎12-28-2018 01:09 AM

You should tell us a little bit about your design goals. For me, the router between the ASA and the switches seem completely useless. If you want different subnets internally, do L3-switching on one of the switches. If you want filtering between the VLANs, then remove the router and configure the VLANs on the firewall. Or you can combine both approaches with some internal VLANs terminated on the L3-switch and some (like guest vlans) terminated on the firewall. And with a small setup like this, it's unlikely that you have to put a router between the firewall and the ISP.

0 Helpful

rakesh4
Level 1
Level 1
In response to Karsten Iwen

‎12-28-2018 01:36 AM - edited ‎12-28-2018 01:40 AM

Thanks Iwen,
Natting is also we used
My Actual intention is filter traffic in ASA firewall .This my new configuration actually i want to know what is the best configuration i am implemented here,we different Vlans here.
We Have 2 L3 3750 Cisco Switch ,5 2960 Cisco switches ,one 2911 router and one 5520 ASA firewall(9.x) we have also Wireless 2504 Cisco WLC
Kindly tell me how to configure

0 Helpful

Karsten Iwen
VIP
VIP
In response to rakesh4

‎12-28-2018 02:02 AM

In that case I really would dump the router as it is not needed here. And I would replace the ASA as this device is EOL and operating an EOL security device puts your network at risk (and even worse, depending on the rights in your country, you could be legally responsible for that if something happens).

My setup would be the following:

ISP - ASA - L3 3750 - 5* 2960 and WLC

0 Helpful

rakesh4
Level 1
Level 1
In response to Karsten Iwen

‎12-28-2018 02:37 AM

Thanks Iwen,
In ASA i am configure the NAT to Isp and then
In ASA---L3 3750,between these what i am configured and what configuration is made in ASA and L3 3750 to L2 Switch
help me here
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card