
ASA for internet edge and internal zones

de1denta
Level 3

Hi,

Has anyone used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?

I'm thinking of using a routed context for securing the internet edge and then using separate contexts for the web and application networks. Contexts will route via a L3 switch.

Thanks,

3 Replies

varrao
Level 10

Hi,

Yes, you can use the firewall in either routed context mode or routed single mode; either way, you can manage your web and application networks properly. The best utilization of context mode is when you have multiple ISPs terminating for different customers or networks on the ASA, so that you keep them separate from each other. But that all depends on the requirement. Using different security-levels would also work for you. That should not be an issue.

Hope that helps

Thanks,

Varun

Thanks,
Varun Rao

Thanks Varun

I will probably configure the ASA in routed single mode and use security levels between the different zones. There is only 1 ISP in this environment and I also need to support VPN termination on the internet edge.

In terms of sizing, the internet connection will be 300Mbps and the firewall throughput between zones needs to be above 500Mbps. I'm just thinking that the 5520 in active/standby will handle the internet bandwidth requirements but not the inter-zone requirements. Which model of ASA will be a good fit here?

Thank you.

Hi Will,

I can't really suggest a particular device, because you would be the best judge of that, but yes, you can go through the datasheet below and try to match your requirements against it:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Hope that helps

Thanks,

Varun

Thanks,
Varun Rao