Thanks mate,

At the moment i have LAN > ASA> Router 

and the outside public IP is on the ASA outside interface faceing the router.

I want to be able to VLAN my network mabye without a layer 3 switch but router on a stick but how do I point the vlans to the asa as there gatway if the router on a stick is routing between them.

??????? 

P.s thank you for the qucik reply 

the router at the moment is just internet. 

so can I have the 2 routers behind the ASA with hsrp and intervaln routing and the WAN going into the ASA? what will then be the gateway for hosts then will it still be the routers then a ACL from the routers to the ASA?

jeff

P.s there are no vlans at the moment .

currently LAN   >ASA   >Huwie Router 

                                        (Just For internet)

I want to VLAN 7 departments, doing this I will need to set a default gateway for each vlan network. (meaning I cant put the Router after the ASA).

I am aware I can route between VLANs on ASA but how many?

LAN>    RO1   >   ASA(Outside Public IP)

             RO2   >   ASA

 (make routers the GW for Hosts)

Can I do this ^.   I know how to create vlans, HSRP on routers.

Where do I NAT on the ASA or interface facing the ASA from router?

I have alot of questions I appologise I am stuck lol. Thanks again. 

I have attached a Diagram to expolain.

I have put a diagrom i the word document ignore the one below 

No problem ask as any questions you like.

I notice in your diagram there are two firewalls, is that what you already have.

You can have your routers inside the firewalls.

The routers route between vlans and have a default route pointing to the firewall.

The firewall had a default route to the ISP and routes for the internal IP subnets pointing back to the routers.

The clients default  gateways are the subinterfaces on the routers.

Or you can not use the routers at all and use the firewall(s) only.

I am assuming the internet connections can be connected directly to the firewalls ?

Whichever you choose the firewall does all the NAT for clients.

The question about how many firewalls is important though because if you have dual internet connections that can complicate things.

Could you clarify ?

Like I say ask as much as you want, that's what these forums are for.

Jon

Thanks mate much appreciated.

This is my design and I am testing it. I am happy with the ISP going into the ASA(s).

My issue is with the ASA's I have little expierence with them and we have them managed out of house, so conifguration isnt a problem to the ISP, VPN etc. 

You mention a default route pointing to the firewalls. Is this the connection between the routers and the ASA's? 

Do I just configure a route between the 2901 gig0/1 int pointing to asa and the ASA's eth0/1 pointing back to the router for each. Configure a route out of routers interface to the asa's ?

it is 2 seperate ISP lines int to the ASA one in each.

Do I give the two inside interfaces on the ASA's ips? 

Basically how do I configure the the Routes for all clients to get to the firewall, for them to be natted and sent out?

Whos gateway changes to allow the clients going for there router gateway to go to the ASA?

All I need now mate is to be able to know how to get my clients to ping the ASA inside interface with there router gateway? 

Are the ASAs acting as a pair or are they standalone firewalls ?

Jon

at the moment I have it standalone, if you were to say tak one of those firewalls out so it was 2 routers going to asa then to internet how would i configure that.