Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1256
Views
0
Helpful
3
Replies

ASA 5510 information

ElQueue
Level 1
Level 1

‎03-19-2019 05:58 AM - edited ‎03-19-2019 05:59 AM

I'm considering upgrading our networks with a dedicated firewall solution and have learned a lot about the features of the ASA 5510. However, it appears (and correct me if I'm wrong) that it functions like a router in that the interfaces on each side have their feet in different subnets, so that could cause issues in my current network configuration. If this is so, is there a way to get the ASA to filter/scan packets in a way that would function similar to a switch (in that packets come in to the outside interface, get processed, then the remaining traffic gets sent out to the inside interface)? Or another appliance that does similar functions?

 

I'm still learning about the appliance so any information would be greatly appreciated, so that I can make an appropriate decision regarding purchasing equipment.

 

Thanks for your time.

Labels:
0 Helpful
3 Replies 3

jfnk
Level 1
Level 1

‎03-19-2019 06:14 AM

Hi

 

The last part of your description ("packets come in to the outside interface, get processed, then the remaining traffic gets sent out to the inside interface") is what an ASA does.  In this sense it does indeed function like a router, but with additional Access Control Lists that are used to filter and make decisions on whether or not to route.  Traditionally such filtering takes place at layer-3 (IP addresses, protocols and ports) but newer "Next Generation" appliances (55nn-X) can analyse traffic at higher layers and make decisions based on content, file type, application, username etc.

 

Cheers

Jeremy

0 Helpful

ElQueue
Level 1
Level 1
In response to jfnk

‎03-19-2019 07:23 AM

Right, but from the sounds of it, the ASA routes packets through it which would cause issues with my setup. If this isn't avoidable, I'll try to explain the topography so maybe you have a solution.

 

Business cable router to ISP <-> ASA < - > Core switch < - > Multiple VLANs servicing subnets

 

I have 1 IP which the cable router PATs to a Class C subnet. Currently there is no ASA, so the Core switch subnets and performs L3 routing between them (multiple /28 and one /25 subnet). If I were to place the ASA in there, the internal interface would have to be on a different subnet than the cable router, breaking PAT. And double-PAT has its own problems that I don't t want to tackle if I don't have to.

0 Helpful

jfnk
Level 1
Level 1
In response to ElQueue

‎03-21-2019 02:02 AM

I'm not familiar with that kind of setup, so forgive me if I'm misunderstanding, but if the switch is handling the L3 routing does it not have an IP address that faces externally, with the next hop being the cable router?  l'm just trying to picture how the flow works in a bit more detail

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents