Network design questions - Layer 3 switches w/ ASAs
Hi,
I am preparing an upgrade to our network, we have 2 x ASA 5510 Sec Plus devices, and 2 x Cisco 3560 L3 switches.
I am planning on doing Active/Passive with the ASAs at the edge, however, I'm worried about interVLAN routing on the layer 3 switches as far as ACL management. I want to use the 3560s as the default gateway (HSRP) for all the equipment behind in order to use wire speed transfers between VLANs. ACL management on the ASA is infinitely easier to manage than on the L3 switches. I'll need 2 sets of ACLs (which will be mostly the same since it is multi-tenant)... does anyone have any advice on this configuration?
Thank you!
I am preparing an upgrade to our network, we have 2 x ASA 5510 Sec Plus devices, and 2 x Cisco 3560 L3 switches.
I am planning on doing Active/Passive with the ASAs at the edge, however, I'm worried about interVLAN routing on the layer 3 switches as far as ACL management. I want to use the 3560s as the default gateway (HSRP) for all the equipment behind in order to use wire speed transfers between VLANs. ACL management on the ASA is infinitely easier to manage than on the L3 switches. I'll need 2 sets of ACLs (which will be mostly the same since it is multi-tenant)... does anyone have any advice on this configuration?
Thank you!
DIPRAJ
better you go for HA mode for the ASA.
ASKER
What do you mean? I am planning on using the 2 ASAs with Active/Standby mode would that be HA?
This should work for you
http://acl-manager.cyber-operations-inc.qarchive.org/
http://acl-manager.cyber-operations-inc.qarchive.org/
Just so I understand correctly: Are you worried about traffic getting routed directly between vlans on the 3560s, instead of being handled by the firewalls, or is that your intention?
ASKER
I am worried about both. Reason being, there are a dozen or so servers behind the 3560s that should not have access to each other, the sames rules on the firewall should apply to the 3650
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.