One of our client has a small office which has few networks (vlans) now they have sold some services to thrid party and they want to add another firewall and segregate the traffic (physically). Kindly see the attached diagram. There are four vlans with redundant firewalls and redundant router to MPLS cloud......the redundant router has 4G connection which will fire-off if the main links goes down. Both firewalls are connected to DMZ (stack switches) and all servers are connected to it (4 vlans) now in new scenario we have to add another firewall (client wants to have connection to both stack) secondly we have to bring down two vlans 10,15 to the new firewall.
Can someone help plz what would be the best practice secondly if i hook up the new Cisco 5505 to both switches who would i configure fail over (jn this case link)
do i have to configure vlan 10,15 interfaces one new one what about the default gateway for the new ASA as this vlans will be talking to datacentre which is in core
Because 5505 doesn't support any kind of redundant interfaces and doesn't participate in STP, I assume that for link redundancy from your 5505 to stack of switches you can use cisco flex links technology, if your stack switches support it.
Then you'd have to configure two vlan interfaces on 5505 for each vlans 10 and 15, make those interfaces default gateways for corresponding servers. What should be the gateway for the 5505 you should know better, i guess)
Thanks for your post.......the client now wants to add two firewalls instead of one and want to add two switches the other thing which is changed is that they want to do it in phase wise the furst phase they want to make the new firewalls as transparent...can you advise how i will make them failover plus make them trunks or??