Looking for a Cisco ASA security solution for our network

Posted on 2009-12-22
Last Modified: 2012-05-08
Our company has acquired a second physical location and I'm currently looking for a way to implement Internet and Point-to-Point security between the 2 locations. Both sites have (will have) 20Mbps fiber u/d to the Internet and we are looking to implement a dedicated dark-fiber tunnel between the two sites as Time Warner is the ISP for both locations. Is there a way to implement the type of solution that we seek while using ASAs to secure both the Public Internet connection and the Private dedicated link? We would ideally like to use a single ASA (or equivalent hardware from another vendor) at each location but at this point we are open to suggestions. Thanks in advance.
Question by:PJCARP628
    LVL 7

    Expert Comment

    How many users are at the remote location and what's the amount of traffic? If it's not a lot, an ASA 5505 with the security+ license will work. It will allow you to have multiple VLANs for each network (ISP, PTP and local) and you can assign the multiple interfaces to each one.

    Otherwise, you can do it with a larger ASA (5510 or 5520) and each interface will let you connect to a network. Then you will use routing to distinguish the traffic between networks and only NAT traffic going to the ISP.
    LVL 5

    Expert Comment

    I would seriously recommend a 5510 or better over a 5505. A 5505 will seriously choke up that amount of bandwidth unless it's running in transparent mode, in which case I don't think it's a particularly meaningful solution.

    Author Comment

    In our ideal solution we would like to have our dedicated fiber link between our two facilities encrypted and our connections to the public internet for both sites secured and monitored by a 5510 appliance at each location. Will this be possible with the 5510?
    LVL 7

    Accepted Solution

    Yes. You can specify one connection as the "outside" interface for the Internet with a security level of 0 and one interface with a security level of say 50 if you want to restrict access to the remote site.
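
The interface layout from the accepted solution, as an added example that is not part of the original thread: a constructed site-A configuration with the Internet link at security level 0 and the dedicated link at security level 50 carrying an IPsec tunnel. It assumes pre-8.3 ASA command syntax (inferred from the thread's date); interface names, all addresses, ACL names and the server 10.1.0.10 are placeholders.

```cisco
! Constructed example for site A; every name and address is a placeholder.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
interface Ethernet0/2
 nameif ptp
 security-level 50
 ip address 172.16.0.1 255.255.255.252
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
route ptp 10.2.0.0 255.255.255.0 172.16.0.2
!
! PAT only toward the ISP; site-to-site traffic is exempt from NAT.
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
nat (inside) 1 10.1.0.0 255.255.255.0
global (outside) 1 interface
!
! Encrypt everything between the two LANs on the dedicated link.
access-list PTP-CRYPTO extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto map PTP-MAP 10 match address PTP-CRYPTO
crypto map PTP-MAP 10 set peer 172.16.0.2
crypto map PTP-MAP 10 set transform-set AES256-SHA
crypto map PTP-MAP interface ptp
crypto isakmp enable ptp
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
tunnel-group 172.16.0.2 type ipsec-l2l
tunnel-group 172.16.0.2 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
!
! By default decrypted VPN traffic bypasses interface ACLs. Turn that off so
! the ptp ACL applies, then permit only what the remote site needs
! (hypothetical HTTPS server 10.1.0.10).
no sysopt connection permit-vpn
access-list PTP-IN extended permit tcp 10.2.0.0 255.255.255.0 host 10.1.0.10 eq https
access-group PTP-IN in interface ptp
```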
