ASA Dual ISP
06-22-2016 08:10 AM - edited 03-12-2019 12:55 AM
Good day guys.
I'm new to security, so I hope what I post makes sense. I want to introduce a new firewall connecting to two ISPs and to a Layer 3 core switch (see attached drawing). My question is, if I'm running a point-to-point 10.10.1.0/30 network between the LAN core switch and the ASA, do I still have to NAT, and what will the configuration look like? I have several subnets behind the core switch, such as Wireless, LAN, CCTV, Voice, etc. By this I mean I have a default route pointing to the core switch.
06-22-2016 09:30 PM
All of the IP addresses in your diagram are private - even the ones from your ISPs, which is unusual.
Are both of your ISPs really giving you circuits with private IP addresses on them?
Are you wanting to use the circuits for just outbound active/standby failover support, or did you have something else in mind?
06-27-2016 02:57 AM
Hi Philip,
Yes, you are right, the two IPs to the ISPs will be public. We will also be setting up AnyConnect VPN.
06-27-2016 09:44 AM
If you are planning to try 9.6 series firmware (I'm way back on 9.4 myself), it looks to me like the new ASA "zone" functionality (completely different from router security zones) is designed to help you talk to multiple ISPs. This has been a historical pain point with ASA.
