01-17-2007 12:29 PM - edited 03-11-2019 02:21 AM
Hi
I have an ASA5520 Firewall and some 3800 routers with firewall IOS.
I want to have two layers of firewall, one at the internet and the other behind the first.
I have some questions.
Would it be better to have both firewalls be ASAs?
Are there any disadvantages to using firewall IOS?
Would it be better to have the ASA or the IOS boxes facing the internet?
01-17-2007 01:01 PM
Some gov't entities require two different mfg firewalls, but since you have two different boxes, that should be pretty good. What are the boxes doing? Any VPN? NAT translations (inside to out)? How many interfaces? It really depends on the design. I would *feel* better putting the ASA first, but that's just me.
HTH and please rate.
01-18-2007 05:48 AM
I accept there are benefits to having two different FWs and agree about the ASA on the outside, but the ASA needs to be inside because of realtime applications that will need to fail over seamlessly in the event of a failure.
The outside firewalls will just have NAT and VPN devices in the DMZ (via 16-port FA card in NM slot).