ASA5515 Firewall setup on the same Physical switch

naveed.masood1 · ‎07-21-2017

Hello,

I need advice please how to Setup ASA5515 Ha pair . There is a L3 switch which is directly connected to the ISP router and in the Same switch there is a server + ASA5515 x2 needs to be attached. but i am now sure how to do that.

Karsten Iwen · ‎07-21-2017

Don't do that! Never connect the internet and your internal resources on the same switch. Use different devices for that.
If you still want to do that, use one VLAN for outside/ISP, and one VLAN for the Server. These VLANs don't have IPs on the switch, the IPs are only on the firewall.

naveed.masood1 · ‎07-21-2017

Thanks Karsten for the reply ,

But what about the Inside network . Suppose if the serve is behaving as a Inside network how do i configure it .

dperezoquendo · ‎07-21-2017

Hello,

In addition with Karsten, a 3rd option would be to redesign what you have by putting the ASAs between the ISP and L3 switch.

As for ASA HA configuration, you can refer to: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_active_standby.html

As for inside network, you simply specify which interface is inside and which is outside. You can refer to: http://www.networkstraining.com/cisco-asa-5506-x-configuration-tutorial-guide/. Granted its for 5506 but its close enough to get you started.