[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 587
  • Last Modified:

I was planning to implement ISA 2006 behind/side-by-side with ASA 500 cisco firewall

Hi Guys,

I was planning to implement ISA 2006 behind/side-by-side with ASA 500 cisco firewall. Can anybody tell me the recommended way to go with it?

I read somewhere that if our cisco asa is configured correctly then we do not need isa 2006 in firewall mode and can go for isa2006 caching and webproxy mode.

While i got recommendations of isa 2006 edge firewall settings behind cisco ASA 500 firewall.

Right now i have my network like this :

user > isa2000 > Core Switch > Cisco ASA 500 Firewall  >           >   > ISP

Can i Chnage it to

User > ISA 2006 Edge Firewall > COre Switch > Cisco ASA500 > ................ISP

Kindly guide me for this design please.
Best Regards.
0
Amir4u
Asked:
Amir4u
  • 4
  • 2
1 Solution
 
Keith AlabasterCommented:
Assume that was a typo above where you mention ISA2000.

Depends on your point of view - configure ISA correctly then why bother with the ASA?
Yes - you could configure ASA as the front firewall then not bother having a back end firewall. ISA could be used as a proxy only. Whats the point though?
What do you consider more secure - a single firewall protecting you or two different firewalls from different manufacturers? No brainer isn't it.

yes - you can change it but it depends on what you are going to use the ASA for. if you are going to use the ASA as a front-end firewall and provide the NAT functions/VPN header etc then install the ISA as a back-end firewall (still within the Forefront - edge framework) and route between the internal networks and the subnet between ISA and the ASA.
0
 
Amir4uAuthor Commented:
is it possible to know what ASA dont do and ISA only can do ?
0
 
Keith AlabasterCommented:
Just read the flyer on the site - it is already typed up. As I have never needed to use only a partial solution i have never had to install an ASA.
http://www.microsoft.com/forefront/en/us/benefits.aspx
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Amir4uAuthor Commented:
thanx Keith ...

How about If I NAT the ISA in ASA firewall and then install ISA2006 as Edge Firewall template ?
0
 
Keith AlabasterCommented:
You can do that - it is quite common - but as per my first post, what a waste of money.
You asked for guidance on design. Internet - ASA - ISA - internal LAN. One of the eaasiest to setup and one of the most powerful combinations.
0
 
Keith AlabasterCommented:
Thanks :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now