I'm trying to start a very high-level design for our network upgrade for our main office. I figure I'd start with a Visio and by figuring out the Cisco ASA and wiring. It is attached to the post. This upgrade will come through as many questions, but I'll break it up into smaller pieces first. Right now I'd like just to focus on the ASA and its connections to the routers and DMZ.
Here is what we have coming into our network and what it is used for:
Fiserv T1: Used to access a specific network for one application.
Broadview MPLS Bonded T1: Used for remote offices to connect to us for their apps and e-mail, used for incoming/outgoing e-mail, used for Citrix Access Gateway when people work from home at night, and used by our First Data VPN router for ATM transactions.
Verizon FIOS: Used for Internet via our MS ISA Server, used as a VPN to run backups, used as a backup VPN when/if the Fiserv T1 goes down.
To start off with, how about we discuss the Cisco ASA? I'm thinking of using HA in Active/Active Mode.
Can the ASA 5510 have more than one device in the DMZ? If so, does that mean I attach a switch to ASA DMZ port or how does that work?
Do all the items listed in the DMZ belong there? If not, where do they belong? From experience I know the ISA and Eagle belong there. I feel the other two VPN routers might possibly work better if connected to the Cisco 2811 Router - FrontLine.
When using ASA with HA, does each device in the DMZ need a connection to both ASAs via dual NICs and dual Cat5e?
Does the Cisco 2811 Router - Fiserv T1 have to connect to the Cisco 2811 Router - FrontLine or can the Fiserv T1 router directly connect to both ASAs? The Fiserv T1 is only used to access 1 specific app in a specific IP range.
I'd like to say thanks for your insight on my initial posting. The Visio Stencils from Dell / Cisco are great.