Solved

Where to place a Cisco 5510 ASA with IPS?

Posted on 2011-03-11
3
731 Views
Last Modified: 2013-11-29
Hi,

I need a solution to best place a cisco asa 5510 with IPS on my network. I have the WAN (Internet)  a DMZ (Proxy Server) and LAN (Domain) of another cisco asa 5520 for my network and would like to know where would be the best place to fit/place this new ASA 5510 with IPS.

Thanks
0
Comment
Question by:CBB
3 Comments
 
LVL 3

Expert Comment

by:tearman
ID: 35109527
You might consider placing it between the WAN and your older ASA.  This would allow you to utilize the IPS more effectively in this case without having to completely uproot your older ASA (which I assume isn't an option).
0
 

Author Comment

by:CBB
ID: 35109601
I don't want to remove the ASA 5520. I want to have both of  them on the network but I'm not sure where to place the ASA 5510 with IPS. Was thinking of placing the IPS either on the DMZ or LAN of the existing ASA 5520.... ?????
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 35112480
You would want to place the ASA with IPS along the most used network channel that would need protection.    If you are protecting the internal network, then I would say place it between the existing ASA and the internal LAN to watch that traffic.    If it is for the DMZ  you would want to place it there.       Ideally, the IDS would be at the center point of the network so that the ASA with IDS would hand both zones for inside and DMZ allowing for maximum coverage.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question