Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
0
Helpful
4
Replies

Front and backend ASA scenario

Go to solution
r-jain
Level 1
Level 1

‎01-18-2010 01:14 PM - edited ‎03-11-2019 09:58 AM

I am working to setup a front and backend ASA sceanrio.

I will have some servers connected to frontend ASA ( will need access from internet), as well some servers( will need access from the internet as well) and PC on the back of second ASA.

how should I configure the ASA?

Internet---->frontend ASA----------Backend ASA---------PC and servers

There will be some servers connected back of the front end ASA as well

any help will be appreciated

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-18-2010 01:39 PM

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-18-2010 01:39 PM

I do not understand your question. You are asking how you should configure the ASA? You mean transparent vs routed mode? Single Vs Multiple context or is this basic firewall configuration question? I also do not get the two ASAs inline design either.

-KS

0 Helpful

Go to solution
r-jain
Level 1
Level 1
In response to Kureli Sankar

‎01-18-2010 02:02 PM

What am I looking , there are 2 ASA in the configuration
.I believe one should be configured in  tranparent mode and the second in routed mode.

there will be some devices behind the first firewall, and there will be some devices behind the second ASA ( seond ASA  is in the back of the first ASA).

Some of these devices are webserver in the back of the both ASA's which will require static and NAT transaltion to have access from the public network.

I hope this will clearfy you to my question.

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to r-jain

‎01-18-2010 02:27 PM

Typically in a two tiered firewall design, the first firewall performs NAT and gives public access to front-end servers. These servers are usually reverse-proxy servers meaning they contain no or very little actual data. They make calls to the servers in your protect LAN and the second firewall restricts that access. If you make the first transparent, the servers will need public routable addresses. That will work.

0 Helpful

Go to solution
r-jain
Level 1
Level 1
In response to Collin Clark

‎01-18-2010 02:33 PM

thanks for the reply. I will try next week, let's see whow does it go?

thanks for reply

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card