rweaver313
asked on
Cisco ASA Firewalls
I am new to an organinzation and trying to figure out why the network is configure the way it is and also troubleshoot some problems that I am experiencing. My organization has the following network setup:
> Campus A (Main Campus) 45MB connection to Internet
> Campus B 45MB point to point connection to Campus A
> Campus C 10MB point to point connection to Campus A
> Each campus has Cisco ASA 5510 firewall provided and configured by the organization
> Each campus has a layer 2 switch provided and configured by the ISP for the point to point connections
> The Cisco firewalls at campus B & C have two firewall access rules configured, 1 incoming rule and 1 outgoing rule, both firewalls are doing EIGRP routing with 1 static route to the inside interface on the Cisco ASA firewall at campus A. Campus B & C have a Cisco 4500 layer 3 switch as the next hop after the Cisco ASA firewall.
Problems:
The network seems that the network was designed as if each campus was independent of each other and that there would be no communication with the other campuses. For example, we are only able to telnet or ping devices on the specified campus. there are vlans at each campus that are unable spand the network to the other campuses. There are domain controllers, DNS, DHCP servers at each campus because of the non-communication between campuses.
We have network monitoring software that uses SNMP but we can't see all devices across every campus. In order to see all devices, we have to install the monitioring software up on each campus. We would like to be able to monitor all devices from one location.
Questions:
Since campus A is the gateway to the Internet for Campuses B & C, do we need to have the Cisco ASA firewall in place at campus B & C? Is there any negative impact on the network if the Cisco ASA firewalls are removed from Campus B & C? What are the benefits? How can the network be configured to have all devices at all campuses communicating with each other? With and without the Cisco ASA firewalls. How do we have to configure the network to utilize SNMP and see all devices at each campus?
Any suggestions are appreciated. Thanks!
> Campus A (Main Campus) 45MB connection to Internet
> Campus B 45MB point to point connection to Campus A
> Campus C 10MB point to point connection to Campus A
> Each campus has Cisco ASA 5510 firewall provided and configured by the organization
> Each campus has a layer 2 switch provided and configured by the ISP for the point to point connections
> The Cisco firewalls at campus B & C have two firewall access rules configured, 1 incoming rule and 1 outgoing rule, both firewalls are doing EIGRP routing with 1 static route to the inside interface on the Cisco ASA firewall at campus A. Campus B & C have a Cisco 4500 layer 3 switch as the next hop after the Cisco ASA firewall.
Problems:
The network seems that the network was designed as if each campus was independent of each other and that there would be no communication with the other campuses. For example, we are only able to telnet or ping devices on the specified campus. there are vlans at each campus that are unable spand the network to the other campuses. There are domain controllers, DNS, DHCP servers at each campus because of the non-communication between campuses.
We have network monitoring software that uses SNMP but we can't see all devices across every campus. In order to see all devices, we have to install the monitioring software up on each campus. We would like to be able to monitor all devices from one location.
Questions:
Since campus A is the gateway to the Internet for Campuses B & C, do we need to have the Cisco ASA firewall in place at campus B & C? Is there any negative impact on the network if the Cisco ASA firewalls are removed from Campus B & C? What are the benefits? How can the network be configured to have all devices at all campuses communicating with each other? With and without the Cisco ASA firewalls. How do we have to configure the network to utilize SNMP and see all devices at each campus?
Any suggestions are appreciated. Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, all you have to do is create peer-to-peer VPNs and that should take care of the access problem.