10-17-2011 07:04 PM - edited 03-11-2019 02:39 PM
Hello everyone,
I am planning to deploy an ASA 5580 in one-arm mode for a Data Center. The question is: if I use a C6509 with FWSM, I can deploy the firewall in transparent and one-arm mode with bridge-group on the FWSM. But I have a 5580 appliance; if I deploy the ASA 5580 in transparent mode with 2 sub-interfaces (RED VLAN and GREEN VLAN) assigned to it, can my traffic flow as in the figure below?
In the Data Center, I just want to force some VLANs to move through the firewall and some to bypass it, and I don't want to deploy the ASA in routed mode. So, please help me to figure it out. Thank you very much.
Regards,
Hiep Nguyen.
10-18-2011 10:50 AM
I don't see any issues with this setup. The 5580 should see the subinterfaces just as it would separate physical interfaces.
You've probably got a few physical ports on the 5580. You might want to consider setting up LACP to the firewall to get some interface redundancy and additional throughput.
hth,
Rick
10-18-2011 07:52 PM
Yes, thanks a lot Rick.
One better thing about the FWSM is that in transparent mode it supports bridge-group, which can support 8 pairs of interfaces. The ASA appliance supports only 1 pair of interfaces for one context. So if I have to deploy many server subnets, I have to make ASA contexts. With 3 default contexts, I cannot scale up my network with this design.
Thank you for your support.
Regards,
Hiep Nguyen.
11-11-2011 06:11 AM
Starting with 8.4 you can deploy bridge groups with 4 max interfaces.
11-13-2011 05:45 PM
Hi Mohammed,
Yay, great news. Thank you for your information.