Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
3
Helpful
2
Replies

Firewall IOS router v ASA

johnroche_2
Level 1
Level 1

‎01-17-2007 12:29 PM - edited ‎03-11-2019 02:21 AM

Hi

I have an ASA5520 Firewall and some 3800 routers with firewall IOS.

I want to have two layers of firewall, one at the internet and the other behind the first.

I have some questions.

Would it be better to have both firewalls ASA.

Are there any disadvantages to using firewall IOS.

Would it be better to have the ASA or the IOS boxes facing the internet.

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎01-17-2007 01:01 PM

Some gov't entities require two different mfg firewalls, but since you have two different boxes, that should be pretty good. What are the boxes doing? Any VPN?, NAT translations (inside to out)? how many interfaces? It really depends on the design. I would *feel* better putting the ASA first, but that's just me.

HTH and please rate.

johnroche_2
Level 1
Level 1
In response to Collin Clark

‎01-18-2007 05:48 AM

I accept there is benefits to having two different fw's and agree about the asa on the outside, but the asa need to be inside because of realtime applications that will need to failover seamlessly in the event of a failure.

The outside firewalls will just have nat and vpn devices in dmz (via 16 port fa card in nm slot)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card