Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1235
Views
5
Helpful
5
Replies

dc-firewall

k.adath2015
Level 1
Level 1

‎01-16-2017 10:43 AM - edited ‎03-12-2019 01:47 AM

Hi,

vpc is running  in datacenter ( its not really double sided or single sided )   . Need to  put  dc firewall ( asa with source fire ) 

What is the best practices . L3 or L2 

Thanks

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-16-2017 07:37 PM

Can you be a lot more specific.

0 Helpful

k.adath2015
Level 1
Level 1
In response to Philip D'Ath

‎01-17-2017 11:54 AM

Hi,

Sorry for the inconvenience , I have similar toplogy (attached ) in my data center .

All the servers in the dc  must be protected .  from the agg switch there is l3 connecvity  to the core switch . (core switch not shown in the  picture ) 

server subnets are 192.168.15.0/24 16.0/24...20.0/24 

vlan interfaces are configured on the agg switches and hsrp is running  .

Now want to protect the serevers behind the dc . 

So where should be the firewall placed and  routed mode or transparent mode is better 

Thanks

Preview file
9 KB
0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to k.adath2015

‎01-17-2017 04:15 PM

Routed mode is my preferred deployment but it requires more network interruption. Transparent mode on the other hand is much easier to be deployed in an existing environment. Thus, it really boils down to preference and design requirements. 

I would highly recommend that you check Cisco's Validated Design below. There is a lot of info that might not apply to your environment or setup but it is still a good document to read and reference. 

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

k.adath2015
Level 1
Level 1
In response to nspasov

‎01-17-2017 07:41 PM

Hi,

Choosing routed mode ,what was your benefit 

Thanks

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to k.adath2015

‎01-18-2017 10:30 AM

1. There are several features that are not supported when running the ASA in transparent mode

2. Troubleshooting is easier and less convoluted when running in routed mode

3. In routed mode the ASA is a L3 hop on your network. This allows you to run routing protocols, policy-based routing, etc.

4. For more information about the differences and features for each mode you should reference the configuration guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html

I hope this helps!

Thank you for rating helpful posts!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card