Amir4u asked:

I was planning to implement ISA 2006 behind/side-by-side with ASA 500 Cisco firewall

Hi Guys,

I was planning to implement ISA 2006 behind/side-by-side with an ASA 500 Cisco firewall. Can anybody tell me the recommended way to go with it?

I read somewhere that if our Cisco ASA is configured correctly then we do not need ISA 2006 in firewall mode and can go for ISA 2006 caching and web proxy mode.

However, I also got recommendations for ISA 2006 edge firewall settings behind the Cisco ASA 500 firewall.

Right now I have my network like this:

user > isa2000 > Core Switch > Cisco ASA 500 Firewall  >           >   > ISP

Can I change it to

User > ISA 2006 Edge Firewall > Core Switch > Cisco ASA500 > ................ISP

Kindly guide me for this design please.
Best Regards.
Keith Alabaster

Assume that was a typo above where you mention ISA2000.

Depends on your point of view - configure ISA correctly, then why bother with the ASA?
Yes - you could configure ASA as the front firewall then not bother having a back-end firewall. ISA could be used as a proxy only. What's the point though?
What do you consider more secure - a single firewall protecting you or two different firewalls from different manufacturers? No-brainer, isn't it?

Yes - you can change it, but it depends on what you are going to use the ASA for. If you are going to use the ASA as a front-end firewall and provide the NAT functions/VPN header etc., then install the ISA as a back-end firewall (still within the Forefront - edge framework) and route between the internal networks and the subnet between ISA and the ASA.
Amir4u (ASKER)

Is it possible to know what ASA doesn't do and only ISA can do?
Just read the flyer on the site - it is already typed up. As I have never needed to use only a partial solution, I have never had to install an ASA.
http://www.microsoft.com/forefront/en/us/benefits.aspx
Amir4u (ASKER)

Thanks Keith ...

How about if I NAT the ISA in the ASA firewall and then install ISA2006 as Edge Firewall template?
ASKER CERTIFIED SOLUTION
Keith Alabaster
This solution is only available to members.
Thanks :)