One of our clients has a small office which has a few networks (VLANs). Now they have sold some services to a third party and they want to add another firewall and segregate the traffic (physically). Kindly see the attached diagram. There are four VLANs with redundant firewalls and a redundant router to the MPLS cloud. The redundant router has a 4G connection which will fire off if the main links go down. Both firewalls are connected to the DMZ (stack switches) and all servers are connected to it (4 VLANs). Now, in the new scenario, we have to add another firewall (the client wants to have a connection to both stack); secondly, we have to bring down two VLANs, 10 and 15, to the new firewall.
Can someone help please? What would be the best practice? Secondly, if I hook up the new Cisco 5505 to both switches, how would I configure failover (in this case link)?
Do I have to configure VLAN 10 and 15 interfaces on the new one? What about the default gateway for the new ASA, as these VLANs will be talking to the datacentre, which is in the core?
Because the 5505 doesn't support any kind of redundant interfaces and doesn't participate in STP, I assume that for link redundancy from your 5505 to the stack of switches you can use Cisco Flex Links technology, if your stack switches support it.
Then you'd have to configure two VLAN interfaces on the 5505, one for each of VLANs 10 and 15, and make those interfaces the default gateways for the corresponding servers. What should be the gateway for the 5505 you should know better, I guess)
Thanks for your post. The client now wants to add two firewalls instead of one and wants to add two switches. The other thing which has changed is that they want to do it phase-wise: in the first phase they want to make the new firewalls transparent. Can you advise how I will make them fail over, plus make them trunks or?