Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2095
Views
0
Helpful
7
Replies

MPLS router with firewall

yeow_km
Level 1
Level 1

‎08-12-2010 11:20 PM

Can i setup my network such that i placed a Cisco ASA firewall between my mpls router and cisco switch ?

---------------------                     --------------------                         -----------------                 ------------------

| MPLS Router |    -------------  | ASA Firewall |     ---------------  |   Switch     |   ------------ |    VLANs    |

---------------------                     ---------------------                        -----------------               ------------------

Labels:
0 Helpful
7 Replies 7

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-13-2010 03:34 AM

Hello Yeow,

this is possible, depending on support of MDIX or not you may need a cross-over cable between ASA and MPLS router.

Hope to help

Giuseppe

0 Helpful

yeow_km
Level 1
Level 1
In response to Giuseppe Larosa

‎08-13-2010 05:14 AM

the ASA I m referring to is 5510. What mode do i configure for the ASA, routed or transparent mode is recommended ?

the mpls router is connecting to other remote office in the WAN.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to yeow_km

‎08-13-2010 07:09 AM

Hello,

ASA cannot participate in MPLS label exchange. In routed mode, that will

result in breaking your MPLS communication. So, transparent mode would be

better.

Hope this helps.

Regards,

NT

0 Helpful

yeow_km
Level 1
Level 1
In response to Nagaraja Thanthry

‎08-13-2010 07:22 AM

Can the ASA do NAT in the environment as mentioned ?

Since MPLS router is already in private IP segment and switch is on another different private IP segment.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to yeow_km

‎08-13-2010 07:34 AM

Hello,

In transparent mode, ASA cannot do NAT (in the latest version it supports

NAT to it's own IP) and is not recommended.

Regards,

NT

0 Helpful

Chetan Kumar Ress
Level 4
Level 4
In response to yeow_km

‎08-13-2010 10:56 AM

Hi

As per your senario it look like en enterprise network. So you won't requrie MPLS lable Propagation in your internet network.

If possible  can clear that weather you want to Propagate the MPLS Lable in you internet network or do you run MPLS in you routers & switchs  or do you have only an MPLS Link from your SP.

And if you won't require MPLS lable Propagation or you have not configured MPLS in intenal network  then you can configure ASA in routed mode & can use all feature that you requried.

Regards

Chetan Kumar

http://chetanress.blogspot.com

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to yeow_km

‎08-15-2010 07:13 AM

Hello Yeow,

if your site is a customer site of a L3 VPN, you can use the ASA in routed mode, this will allow you to interconnect the MPLS routers in the outside and the internal L3 switches on the "inside"

you probably just need to route between ASA interfaces, unless you have address overlapping with other sites or with the IP subnet used with the MPLS service provider.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents