
Where to sit ASA in current Network

GRANT3779
Spotlight

Hello All,

I've never worked with an ASA before and am trying to understand where it would sit in my current network.

Currently have a LAN with around 10 vlans. All Intervlan routing is done through the Layer 3 switch/core. We have around 3 different providers that provide us with outside access, e.g. Internet provider, satellite providers and MPLS provider. Would the ASA need to sit between the LAN and all 3 of those WAN providers? The 3 WAN providers come in on their own subnet/vlan so I'm unsure how to configure the ASA for this, or even where it would sit in the topology.

My basic understanding is that an ASA provides security between an outside network and an inside network, but I'm a bit lost as to what happens when there are say 3 outside networks... not sure where to start.

Hopefully that makes sense and someone can offer an easy to understand explanation.

Thanks

1 Reply

Jouni Forss
VIP Alumni

Hi,

Generally I would tell you to either

  • Configure a new Vlan interface and Vlan between the Core and the ASA and default route for your LAN networks towards the ASA
  • Or configure a trunk between the core and the ASA and let the ASA do the routing between the Vlans (though it might become a bottleneck depending on the ASA model and depending on the volume of traffic between the Vlans/LANs)

Though you say that you have 3 external connections.

This is not something that ASA handles all that well. It has always been a situation where the ASA usually either uses only one of the WAN connections or you use the NAT configurations to split the WAN usage on the basis of the LAN network.

I guess the hardest situation would be if each of the WAN connections is using a default route. Then you would have to resort to either using the NAT on the ASA to decide which traffic goes where or possibly configure some kind of Policy Based Routing on the core device.

I guess if you could provide some simple picture of the current network setup without the ASA it would help us get a picture of the situation.

- Jouni
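
The first option in the reply above (a transit VLAN between the core and the ASA, with the LAN default route pointing at the ASA) could look like the following sketch. It is an added example, not configuration from either poster: every VLAN number, interface name, `nameif` and address is constructed, and it assumes the MPLS and satellite destinations are known prefixes so that only the Internet link carries a default route.

```cisco
! ---- Layer 3 core switch (IOS): inter-VLAN routing stays here ----
! Transit VLAN 999 is a constructed value.
vlan 999
 name TRANSIT-TO-ASA
interface Vlan999
 description Transit link to ASA inside interface
 ip address 10.255.255.1 255.255.255.252
! Everything that is not a local VLAN goes to the ASA.
ip route 0.0.0.0 0.0.0.0 10.255.255.2

! ---- ASA: one inside interface, one interface per WAN provider ----
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.255.255.2 255.255.255.252
interface GigabitEthernet0/1
 nameif internet
 security-level 0
 ip address 192.0.2.2 255.255.255.252
interface GigabitEthernet0/2
 nameif mpls
 security-level 50
 ip address 198.51.100.2 255.255.255.252
interface GigabitEthernet0/3
 nameif satellite
 security-level 50
 ip address 203.0.113.2 255.255.255.252

! Return path: the ASA has no interface in the LAN VLANs, so it needs
! a route back to them via the core (10.10.0.0/16 is a constructed
! summary of the ~10 LAN VLANs).
route inside 10.10.0.0 255.255.0.0 10.255.255.1

! Single default route, out the Internet link only.
route internet 0.0.0.0 0.0.0.0 192.0.2.1

! Known remote prefixes (constructed) reached over the other providers.
route mpls 172.16.0.0 255.240.0.0 198.51.100.1
route satellite 192.168.200.0 255.255.255.0 203.0.113.1
```

If the MPLS or satellite provider also has to act as a default path, specific routes like these no longer suffice and the NAT-based or core-side Policy Based Routing approaches mentioned in the reply come into play.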
