I don't know if it is possible or not, but I have two ASA 5505s and what I am wanting to do is take my internet connection and split it into two networks. So from the modem place a switch, and then from the switch place each ASA 5505 and route from there. I have a Cisco 3600 and a 2600; the only reason I want to split the internet connection is so that I can mess with my Cisco equipment and not interfere with the actual internet connection we use on the other network. Hopefully what I am thinking makes sense and it is possible, and suggestions would be great.
It would be great if you could provide the existing network topology and then draw a separate diagram showing what you want to do.
We would have to check if both of ASA are being used right now (may be in failover) or is it just one ASA doing all the job for you.
We can create VLANs and have one network separate altogether so that it does not interfere with the internet connection.
Just by reading your question, it doesn't really look difficult to do what you are trying to do; however, details are required so that we can guide you in the right direction.
Also, share the config of both ASA.
Alright, here is my diagram:
Internet ---> Modem ----> Gig Switch ----> ASA1 ---> 2600 Router ----> Switch ----> Cisco Lab
                                     ----> ASA2 ---> 3660 Router ----> Switch ----> Workstations
Hopefully that makes sense. I don't think I have the failover option for my ASAs. I got them from eBay, so everything was wiped clean. Since I have both of them, I would like to employ them both and not have one sitting around doing nothing.
Some Design options:
-> Assuming ASA1 is your new ASA
1) The best possible manner in which they can be set up is the failover scenario, so that if one of the ASAs goes down for any reason, the new ASA takes over and routes/NATs etc. Both ASAs will be in the same VLAN on the Gig Switch. Here are some key points that you need to be aware of for failover:
1.1 You would need another IP address (outside address, public) for the new ASA. Will your ISP provide two IPs from the modem? I guess not. Have you been provided with a pool of public IPs?
If not, this would not work.
1.2 Hardware of both ASA should be exactly identical.
For more details, take a look at the following link for failover:
2) Do the devices behind the new ASA need internet access? If they don't, and the idea is just to deploy the new ASA and create an altogether different network, then you can configure a VLAN on the Gig Switch and connect your new ASA to a port in the new VLAN on the switch. But that brings me to the question of what that achieves.
3) If you want the devices behind the new ASA to access the internet, there is one way. Connect the two ASAs together, maybe via a DMZ, and route the traffic to the internet from the new ASA to the old ASA.
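Option 2 above (isolate the lab ASA on its own VLAN with no path to the modem) looks like this on a Catalyst-style switch. This is an added example, not configuration from anyone in this thread; the switch model, port numbers, VLAN ids and descriptions are all assumptions. The security-relevant point is that VLAN 20 contains only the lab ASA's outside port, so nothing the lab does can reach the modem or the production ASA's outside interface.

```cisco
! Added example (not from the thread): lab ASA isolated on its own VLAN.
! Switch model, port numbers and VLAN ids are assumptions.
!
! VLAN 10 carries the modem and the production ASA (ASA2) outside interface.
! VLAN 20 holds only the lab ASA (ASA1) outside interface: no modem, no uplink,
! so lab traffic stays on the switch and never touches the internet side.
vlan 10
 name INTERNET-EDGE
vlan 20
 name LAB-ISOLATED
!
interface GigabitEthernet0/1
 description Cable modem
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description ASA2 outside (production)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description ASA1 outside (lab, no internet path)
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Unused ports stay shut so a stray patch cable cannot bridge the two VLANs.
interface range GigabitEthernet0/4 - 8
 shutdown
!
! Verification (run from enable mode): each port should list only its own VLAN.
! show vlan brief
! show interfaces status
```

With this in place the lab ASA has no default route that leads anywhere, which is the whole point of option 2; if the lab later needs internet access, option 3 is the design to use rather than adding an uplink port to VLAN 20.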
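Option 3 above (chain the new ASA behind a DMZ interface of the old ASA so the lab gets internet access without touching the workstation network) can be expressed with ASA 5505 configuration. This is an added example, not configuration from anyone in this thread; it assumes ASA software 8.4 or later (object NAT syntax), a Base license on the 5505, and the addresses and port numbers shown, all of which are assumptions.

```cisco
! Added example (not from the thread): lab ASA1 chained behind a DMZ on
! production ASA2. Addresses, VLAN ids and port numbers are assumptions.
!
! --- ASA2 (existing production ASA) ---
! Third VLAN interface; on the Base license it must be restricted from
! initiating traffic to one other VLAN, and that restriction is exactly the
! isolation wanted here: the lab can never start a session into the workstations.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Physical port that the lab ASA's outside interface plugs into.
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! Defence in depth: deny lab -> workstation LAN explicitly, allow the rest.
access-list DMZ_IN extended deny ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ_IN extended permit ip 192.168.3.0 255.255.255.0 any
access-group DMZ_IN in interface dmz
!
! PAT the DMZ subnet (which carries the already-NATed lab traffic) to the
! single public address on ASA2's outside interface.
object network DMZ-NET
 subnet 192.168.3.0 255.255.255.0
 nat (dmz,outside) dynamic interface
!
! --- ASA1 (new lab ASA): outside cable goes to ASA2 Ethernet0/2 ---
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.3.2 255.255.255.0
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
! Default route points at ASA2's dmz address, not at the modem.
route outside 0.0.0.0 0.0.0.0 192.168.3.1 1
!
! Lab hosts are PAT'd to ASA1's outside address (192.168.3.2) on the DMZ.
object network LAB-NET
 subnet 10.10.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Verification on ASA1 (203.0.113.10 is a documentation-range address used
! only as a test destination):
! show route
! packet-tracer input inside tcp 10.10.10.50 1025 203.0.113.10 80
! Verification on ASA2: the same packet-tracer from the dmz interface should
! be allowed, while one aimed at 192.168.1.10 must be dropped by DMZ_IN.
```

Two caveats that follow from the design: lab traffic is translated twice (once on ASA1, once on ASA2), so anything in the lab that needs inbound connections or address-preserving protocols will need static NAT on both boxes; and because the workstations sit at security-level 100 on ASA2 they can still reach the lab DMZ unless you add an inside ACL on ASA2 to stop that direction too.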