Amir4u
asked on
I was planning to implement ISA 2006 behind/side-by-side with ASA 500 cisco firewall
Hi Guys,
I was planning to implement ISA 2006 behind/side-by-side with ASA 500 Cisco firewall. Can anybody tell me the recommended way to go with it?
I read somewhere that if our Cisco ASA is configured correctly then we do not need ISA 2006 in firewall mode and can go for ISA 2006 caching and web proxy mode.
At the same time, I got recommendations for ISA 2006 Edge Firewall settings behind the Cisco ASA 500 firewall.
Right now I have my network like this:
User > ISA 2000 > Core Switch > Cisco ASA 500 Firewall > ISP
Can I change it to:
User > ISA 2006 Edge Firewall > Core Switch > Cisco ASA 500 > ISP
Kindly guide me for this design please.
Best Regards.
ASKER
Is it possible to know what the ASA doesn't do and only ISA can do?
Just read the flyer on the site - it is already typed up. As I have never needed to use only a partial solution, I have never had to install an ASA.
http://www.microsoft.com/forefront/en/us/benefits.aspx
ASKER
Thanks, Keith ...
How about if I NAT the ISA in the ASA firewall and then install ISA 2006 with the Edge Firewall template?
Thanks :)
Depends on your point of view - configure ISA correctly then why bother with the ASA?
Yes - you could configure the ASA as the front firewall and then not bother having a back-end firewall. ISA could be used as a proxy only. What's the point though?
What do you consider more secure - a single firewall protecting you or two different firewalls from different manufacturers? No-brainer, isn't it?
Yes - you can change it, but it depends on what you are going to use the ASA for. If you are going to use the ASA as a front-end firewall and provide the NAT functions/VPN header etc., then install the ISA as a back-end firewall (still within the Forefront - edge framework) and route between the internal networks and the subnet between ISA and the ASA.