ASA Designing Question

From: Nouman Ahmed Khan (nouman.khan@mis.com.sa)
Date: Wed May 10 2006 - 14:55:20 ART


Dear friends,

I have a question regarding ASA designing. Here is the scenario.

I have two 3845 (redundant) connected to two ASA5520 (redundant) (with
AIP-SSM). The ASAs are connected to two 4507R (redundant). So it is like
this:

3845------ASA5520------4507R------users+servers

3845------ASA5520------4507R------users+servers

 

1) Can I put my servers in a separate DMZ connected to the 4507? I mean it is
not like PIX, where we connect switches connected to servers to one of the
interfaces of the PIX and assign it a security level. With ASA can we do
virtualization? Maybe my question looks stupid, but I am new to security.
Can we configure ASA like the FWSM, where any of the 6500 ports can be
assigned to the firewall module? Please explain.

2) If the above scenario is applicable and we succeed in configuring the
servers in a separate DMZ, would not the ASA become a bottleneck? The 200 users
of the LAN, to access the servers, have to pass the ASA, which is connected to
the 4507R with a GE port. Any comments?

3) Can anyone suggest a better design? Like replacing ASA with PIX. Please
do not go for 6500, my client cannot afford it. I chose ASA because it can
provide me firewall as well as IPS services through the AIP-SSM module. Any
suggestions?

 

Regards,

Nouman Ahmed Khan


