
ASA with multiple distinct networks


mobiledynamics

Technical User
Jun 4, 2008
95
US
Need some advice for colocation. We are 3 distinct companies running under 1 umbrella. However, each company should not see each *other* under the VPN.
I am planning to move all servers to colocation.

I take it at least one L2 switch would be required.

ASA5510 firewall will be serving as our main headend VPN to all the 3 branch companies.
On the switch we would separate the 3 VLANs.
From there, the servers would be under those separate VLANs.


Bearing that the ASA5510 has 5 ports, I would not need a second switch, right?
Port 1 would be the Ethernet drop from our transit provider.
Port 2, 3 and 4 would be the crossconnects back to our switch (vlan 1, 2 and 3 ports).
I would then connect the servers under the appropriate ports that are in the corresponding vlan.

Does this sound/look about right...

 
I take it at least one L2 switch would be required.
Maybe more depending on the number of servers you have
Bearing that the ASA5510 has 5 ports, I would not need a second switch, right?
Again, it depends on the number of servers you have
Port 1 would be the Ethernet drop from our transit provider. Port 2, 3 and 4 would be the crossconnects back to our switch (vlan 1, 2 and 3 ports). I would then connect the servers under the appropriate ports that are in the corresponding vlan.
The physical configuration really depends on the bandwidth requirements of the servers. You could get away with using a single interface connecting to the switch and configuring it as a trunk. If they are supposed to be high bandwidth servers then the single interface may be a bottleneck.

You can keep traffic going from one branch to another by:
- making sure that your crypto ACLs on the branch devices are correct.
- adding an ACL inbound on the inside interface of each branch device that will permit traffic from the local LAN to the colo LAN and nowhere else.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
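
A check for the two ACL points in the reply above, added here as an example and not part of the original thread: it parses ASA-style extended ACL lines from one branch device and flags any permit whose destination reaches past that company's own colo VLAN. The addressing plan, the ACL names and the function names are constructed assumptions, and it assumes the branch devices use ASA-style `access-list ... extended permit ip` syntax.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
# each company has one branch LAN and one VLAN subnet at the colo.
COMPANIES = {
    "A": {"branch": "10.1.0.0/24", "colo": "10.100.10.0/24"},
    "B": {"branch": "10.2.0.0/24", "colo": "10.100.20.0/24"},
    "C": {"branch": "10.3.0.0/24", "colo": "10.100.30.0/24"},
}

# Constructed ASA-style ACL lines for company A's branch device.
# The last line is a deliberate mistake: its /16 destination also
# covers the colo VLANs of companies B and C.
SAMPLE_ACL = """\
access-list CRYPTO_COLO extended permit ip 10.1.0.0 255.255.255.0 10.100.10.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.1.0.0 255.255.255.0 10.100.10.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.1.0.0 255.255.255.0 10.100.0.0 255.255.0.0
"""

def parse_permits(text):
    """Yield (acl_name, src_net, dst_net) for 'permit ip <net> <mask> <net> <mask>' lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "access-list" or f[2:5] != ["extended", "permit", "ip"]:
            continue  # other forms (any, host, object-group) are out of scope here
        src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
        dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
        yield f[1], src, dst

def audit(company, acl_text, plan=COMPANIES):
    """Return findings for permit lines that reach beyond the company's own colo VLAN."""
    own_colo = ipaddress.ip_network(plan[company]["colo"])
    findings = []
    for name, src, dst in parse_permits(acl_text):
        if not dst.subnet_of(own_colo):
            findings.append((name, str(dst), "destination wider than own colo VLAN"))
        for other, nets in plan.items():
            if other == company:
                continue
            for role, cidr in nets.items():
                if dst.overlaps(ipaddress.ip_network(cidr)):
                    findings.append((name, str(dst), f"overlaps company {other} {role}"))
    return findings

if __name__ == "__main__":
    for finding in audit("A", SAMPLE_ACL):
        print(finding)
```
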
 