Solved: Best Cisco ASA 5000 series Deployment Topology

Frank17 · ‎12-06-2020

I need to deploy an ASA 5500 series Firewall inside a small office .

Online I read about that best would like to put a L2 device, a switch, between the Router and the ASA.

Something like this:

If this would be the best way for traffic flow and control, should i expect to make the traffic flow from the router to the IPS/IDS , creating the router-on-a-stick for VLANS inside the 5000 series, mapping it out the traffic with a default toward the router and then the WAN?

What about ipv6 , if instead I would like to apply an IPV6 configuration, would exactly the same topology suite my needs the same?

balaji.bandi · ‎12-06-2020

A router on Stick this should work as expected, you going to Trunk with Switch and have sub-interface on ASA to have bound to Inside and outside. it should same way for ipv6. make sure all the device should able to support ipv6

here is the deployment mode and exaplanation.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/fwmode.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎12-06-2020

A router on Stick this should work as expected, you going to Trunk with Switch and have sub-interface on ASA to have bound to Inside and outside. it should same way for ipv6. make sure all the device should able to support ipv6

here is the deployment mode and exaplanation.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/fwmode.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help