Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
5
Helpful
1
Replies

Two Cisco ASA in series

jjevans
Level 1
Level 1

‎10-14-2021 06:32 AM

I have two Cisco ASA firewalls and would like to run these in series for a specific reason, but I would not like to get into the details. My question is how to make it work properly for inbound traffic to reach the 192.168.10.X network and outbound traffic to reach ISP from the 192.168.10.X network.

 

ASA Firewall One - Outside = 75.X.X.X (ISP) / Inside = 192.168.100.1

ASA Firewall Two – Outside 192.168.100.2 / Inside = 192.168.10.1

 

My assumption is a default route on the outside interface on Firewall One and a static route on Firewall one inside interface that points to Firewall Two outside interface.

 

ASA-One(config)# route outside 0.0.0.0 0.0.0.0 75.X.X.X.X

 

ASA-One(config)# route inside 192.168.10.0 255.255.255.0 192.168.100.2

 

And a default route on Firewall Two outside interface pointing to Firewall one inside interface.

 

ASA-Two(config)# route outside 0.0.0.0 0.0.0.0 192.168.100.1

 

Any insight is appreciated.

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎10-14-2021 06:38 AM

that should work in routing point of view.

 

If the ASA 2 not doing NAT, then you need to add 192.168.10.X  in NAT  config on ASA 1

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card