Avatar of rweaver313
rweaver313
 asked on

Cisco ASA Firewalls

I am new to an organinzation and trying to figure out why the network is configure the way it is and also troubleshoot some problems that I am experiencing.  My organization has the following network setup:

> Campus A (Main Campus) 45MB connection to Internet
> Campus B 45MB point to point connection to Campus A
> Campus C 10MB point to point connection to Campus A
> Each campus has Cisco ASA 5510 firewall provided and configured by the organization
> Each campus has a layer 2 switch provided and configured by the ISP for the point to point connections
> The Cisco firewalls at campus B & C have two firewall access rules configured, 1 incoming rule and 1 outgoing rule, both firewalls are doing EIGRP routing with 1 static route to the inside interface on the Cisco ASA firewall at campus A. Campus B & C have a Cisco 4500 layer 3 switch as the next hop after the Cisco ASA firewall.

Problems:
The network seems that the network was designed as if each campus was independent of each other and that there would be no communication with the other campuses. For example, we are only able to telnet or ping devices on the specified campus. there are vlans at each campus that are unable spand the network to the other campuses. There are domain controllers, DNS, DHCP servers at each campus because of the non-communication between campuses.
We have network monitoring software that uses SNMP but we can't see all devices across every campus. In order to see all devices, we have to install the monitioring software up on each campus. We would like to be able to monitor all devices from one location.

Questions:
Since campus A is the gateway to the Internet for Campuses B & C, do we need to have the Cisco ASA firewall in place at campus B & C? Is there any negative impact on the network if the Cisco ASA firewalls are removed from Campus B & C? What are the benefits? How can the network be configured to have all devices at all campuses communicating with each other? With and without the Cisco ASA firewalls. How do we have to configure the network to utilize SNMP and see all devices at each campus?

Any suggestions are appreciated. Thanks!
Hardware FirewallsNetwork ArchitectureNetwork Operations

Avatar of undefined
Last Comment
ArneLovius

8/22/2022 - Mon
Jan Bacher

Segmenting the network doesn't hurt but you don't say what subnet is assigned to each location.

Also, all you have to do is create peer-to-peer VPNs and that should take care of the access problem.
ASKER CERTIFIED SOLUTION
ArneLovius

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck