We are going to add a firewall (ASA5505) to protect our inside network but I am unsure on how to integrate with the existing router R2 (Cisco 892FSP) that is currently tunneled with remote site via l2tpv3.
Since xconnect interface (f0/0) at R2 cannot be configured IP address, how the integration between firewall can be done? at least we need to have an IP address for outside interface for the firewall right? or the design itself is incorrect? Appreciate your comments or advice. Thank you.
This Xconnect provides a layer2 extension for both sides. So a very important thing you need to know is if you are going to use a transparent firewall or No, if you are not going to use routed mode then you need to do a change at the ip subnet level since the machines behind the ASA can't be in the same subnet as the outside interface is in.
Thanks for the input, appreciate it. Anyway if lets say I have decided the firewall mode, how is the connection between the R2 and firewall? R2 f0/0 is currently configured with xconnect whereby IP address cannot be configured. Previously, R2 f0/0 interface was connected directly to L2 switch and now we want to add firewall between these 2 devices. Please advice, thanks.
R2 fa 0/0 will not have an ip address, just consider it a layer 2 extension in this case the FW can be a gateway for the subnet behind R1 and you need to change the subnet behind the firewall to avoid the overlap as the FW is running in routed mode.
Thanks for your comment. We're going to run the firewall in transparent mode. I am not sure whether its gonna be working or not as the xconnect interface is configured as subinterface. There are 2 vlans that we need to trunk from ASA to our LAN. Vlan 101 is a mgmt vlan and vlan 1003 will be our LAN that we tunnel to another site. I have configured more than 1 interface with the same vlan which I am not sure can be done or not. You may refer on below diagram and I have also attached the configuration. Appreciate if you could give any comments. Thank you.