Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
3
Helpful
1
Replies

Firewall interconnects

mohsin.khan
Level 3
Level 3

‎12-21-2009 08:17 AM - edited ‎03-11-2019 09:50 AM

Need expert opinion on which one of below is considered as best practice and why...

     Option-1    

               RTR-1----ASA---- SW-1

                    \       /      \     /

                 |             |             |

                     /     \       /     \

               RTR-2----ASA----SW-2        

     Option-2   

               RTR-1----ASA---- SW-1

                 |             |             |

               RTR-2----ASA----SW-2

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎12-21-2009 08:40 AM 

mohsin.khan@telenor.com.pk
Need expert opinion on which one of below is considered as best practice and why...
     Option-1     
               RTR-1----ASA---- SW-1
                    \       /      \     /
                 |             |             |
                     /     \       /     \
               RTR-2----ASA----SW-2         
     Option-2    
               RTR-1----ASA---- SW-1
                 |             |             |
               RTR-2----ASA----SW-2

Neither actually. You need L2 adjacency between the ASA interfaces and although you have that on the switch side you don't on the router side. It should be

RTR1 --  SW1 -- ASA1  -- SW2

  |             |          |             |

RTR2 -- SW3 -- ASA2  -- SW4

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card