02-29-2008 08:29 PM - edited 03-11-2019 05:10 AM
I need to install two ASAs, one with AIP-SSM module and other with CSC-SSM in the same network. Is it possible? If so how can i connet the two devices together.
02-29-2008 10:07 PM
You can if you are not planning on using failover, since both unit need to report the same hardware type.
Here is the link that details the failover requirements:
02-29-2008 10:11 PM
Thank you sir,
can u please specify the physical connection details..... Actually i need to pass the traffic through both the devices one after another to get the IPS and Anti X features.... Then how should i connet both the devices together??
02-29-2008 10:26 PM
Well, if you are thinking about stacking both devices like so:
ISP-----Out-ASA/IPS-In---Out-ASA/CSC----inside
You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but, this will create some security concerns.
I hope this helps
02-29-2008 11:26 PM
So as u said i can connet both devices back to back, from one's any port to other's any port, isnt it..??
Like
ISP <--> ASA1 GE0
ASA1 GE1 <--> ASA2 GE0
ASA2 GE1 <--> Inside
03-07-2008 12:13 AM
u can use the on firewall as a routing device and another firewall as a tranparent mode. so the network diagram like
ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide