Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1487
Views
0
Helpful
5
Replies

Do I really need to place switches in this scenario?

sawasa
Level 1
Level 1

‎02-27-2020 03:38 AM

Hello all,

 

I have to set up a prod environment in a datacenter. 
The goal is to place two data encryption machines which will be load balanced behind two ASA machine, each of them connectiong an outside line. 

I have the crypto machines and the ASAs but I dont have any switches. I have requested them but they are asking me why, since the ASA can be connected directly to the crypto machine. 

I think is better to have switches for L2 segmentation, but I had to admit that placing them for just one machine looks a little bit overkill.

 

So my question is, do I really need switches in this scenario? Without them the set-up will be like this:

 

datacenter.png

 

 

 

0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-27-2020 04:37 AM

There's insufficient information to answer your question fully. Things such as:

What are your availability requirements and how do the devices react when an ASA failover event occurs?

Do they need to see each other and if so, how does that operate?

Ask yourself "How can this design fail?" and "Is that acceptable to the business?". 

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎02-27-2020 04:40 AM

Hello

Well, since your topology is simple, it isn't necessary install two switches. But if you install news equipament it will also work without problem.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

sawasa
Level 1
Level 1
In response to Jaderson Pessoa

‎02-27-2020 05:00 AM

Thanks,

 

AWS will do load-balancing between the two routes. In a normal scenario, one ASA will just communicate with one cyrpto machine. 
In case of failover of an ASA,I have to let the reamining one to communicate with the two crypto machines. 

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni

‎02-27-2020 10:16 AM

Is this a test lab or a real production network design? if one ASA dies/power failure etc than you saying you have to manually connect the other crypto machine to other ASA? ideally your need a switch between crypto machines and ASA. and also you need a switch between routers and ASA. and also you need a switch between two firewalls for ASA.

now if you are tight with budget in that case your one switches logically can do all the work. 

please do not forget to rate.
0 Helpful

sawasa
Level 1
Level 1
In response to Sheraz.Salim

‎03-03-2020 02:32 PM

This will be a prod environment.

I don't intent to manually connect anythihg.

 

I want the two ASAs to have cable connection with the two cryptos. Normally, one ASA will have traffic to one crypto.
In case of ASA failure, the remaining one will have traffic with the two crypto machines. 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card