How to implement Dual firewall.

kkwaskcisco
Level 1

Hello;

 

I want to implement dual firewalls in my network, one facing the internet and another one facing the LAN. Currently I have a Firewall B facing both the internet and the LAN, and it has an IPsec site-to-site VPN. If I need to place a new Firewall A in front of Firewall B, facing the internet, where should I terminate my site-to-site VPN? And how do I direct the traffic from the internet to Firewall A and then to Firewall B: using double NATting, or with "any any" from the outside interface of Firewall A to the outside interface of Firewall B? I am using an ASA 5512-X.

 

LAN ---> Firewall B ---------> Firewall A --------> Internet
                                   |
                                   |
                                  DMZ

 

How do I direct the traffic from the internet back to the LAN?

 

Thanks!

 

2 Replies

Jouni Forss
VIP Alumni

Hi,

 

What is the reason for inserting another firewall in front of the currently used firewall?

 

With regard to the VPN, I would rather have the VPN on the firewall at the edge of the network, or have a separate VPN gateway device at the edge of the network.

 

I am not sure that I understand the problem with forwarding the traffic. You should simply have the proper routes configured on the firewalls and other connected devices to forward the traffic correctly.

 

I also don't really understand what you mean by the double NAT in this case?

 

I think we need some clarifications on why you are changing the setup like this and what you want to achieve.

 

- Jouni

Hi Jouni

 

Thanks for your response. The reason for placing a 2nd firewall facing the internet is security: to try to enhance the security of the network.

I was thinking of putting in the route as well, but I am not sure if this is the correct way to do it. I was thinking of connecting it this way:

1. Connect the WAN interface of Firewall B to the LAN interface of Firewall A with a network cable. (I think this is the correct connection.)

2. Assign a LAN IP to the WAN interface of Firewall B, e.g. 192.168.0.1.

3. Assign a LAN IP to the LAN interface of Firewall A, e.g. 192.168.0.254.

4. Assign the public ISP IP to the WAN interface of Firewall A for the internet connection.

5. On Firewall B, use a static route to route all inbound traffic from any any through 192.168.0.254, because 192.168.0.254 will be the gateway:

route outside 0 0 192.168.0.254

6. On Firewall A, route all traffic to the internet through the ISP gateway.

 

But what will the command look like for the inbound traffic from Firewall A to Firewall B, to ensure that it can get to the LAN side of Firewall B?
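Added example (not part of the thread, and not a configuration posted by either participant): a sketch of what the two ASA configurations could look like for the double-NAT option described in the steps above, written in the ASA 8.3+/9.x object-NAT syntax that the 5512-X runs. Every address, interface name and object name here is an assumption chosen for illustration: 203.0.113.8/29 stands in for the ISP block (203.0.113.9 as ISP gateway, .10 on Firewall A, .11 as the spare public IP for the inbound service), 192.168.0.0/24 is the transit link between the two firewalls as in the poster's steps, 10.1.1.0/24 is the LAN, and an HTTPS server at 10.1.1.10 is the example inbound service. Inbound path: Internet -> Firewall A (static NAT of 203.0.113.11:443 to Firewall B's outside interface) -> Firewall B (static NAT of its outside interface :443 to the server) -> LAN.

```cisco
! ===== Firewall A (edge ASA) =====
! Hypothetical interfaces and addressing; adjust to your hardware.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.254 255.255.255.0
!
! Step 6 of the poster's plan: default route to the ISP gateway.
route outside 0.0.0.0 0.0.0.0 203.0.113.9
!
! Outbound: Firewall B PATs the LAN to 192.168.0.1 (below), so Firewall A
! only ever sees the transit subnet and PATs it again to its own outside IP.
! This is the "double NAT" the poster asked about.
object network TRANSIT-NET
 subnet 192.168.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Inbound: forward 203.0.113.11:443 to Firewall B's outside interface.
! Only the destination is translated; the client's source IP is preserved,
! so Firewall B still sees the real internet source address.
object network FW-B-OUTSIDE
 host 192.168.0.1
 nat (inside,outside) static 203.0.113.11 service tcp https https
!
! Post-8.3 ACLs reference the real (untranslated) address, i.e. the object.
! Narrow "any" to known client ranges if the service is not public.
access-list OUTSIDE_IN extended permit tcp any object FW-B-OUTSIDE eq https
access-group OUTSIDE_IN in interface outside

! ===== Firewall B (inner ASA, formerly the edge) =====
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.0.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Step 5 of the poster's plan: Firewall A's inside address is the gateway.
route outside 0.0.0.0 0.0.0.0 192.168.0.254
!
! Outbound: hide the LAN behind Firewall B's outside interface (first NAT).
object network LAN-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Inbound: what arrives from Firewall A for 192.168.0.1:443 goes to the server.
object network WEB-SERVER
 host 10.1.1.10
 nat (inside,outside) static interface service tcp https https
!
access-list OUTSIDE_IN extended permit tcp any object WEB-SERVER eq https
access-group OUTSIDE_IN in interface outside
```

Because Firewall A rewrites only the destination, Firewall B keeps the original client addresses in its logs and can enforce its own ACL independently, which is the main security benefit of layering the two boxes. On either ASA the path can be checked without generating live traffic with the built-in tracer, for example on Firewall A `packet-tracer input outside tcp 198.51.100.1 12345 203.0.113.11 443` (198.51.100.1 is a hypothetical client), which shows the NAT rule and ACL entry that each phase matches. If routing is preferred over double NAT, Firewall A instead needs `route inside 10.1.1.0 255.255.255.0 192.168.0.1` and a NAT rule covering the LAN prefix, and Firewall B's outbound `dynamic interface` rule is dropped; the inbound ACL on Firewall A then references the server's real 10.1.1.10 address.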
