ASA at the PUBLIC/PRIVATE edge. /29 subnet - need to use one of 6 public IP's for dual edge firewall
Posted on 2013-02-02
Ill Try and explain :)
Our ISP routes to our /29 subnet. - I imagine to do so they route to our outside interface of our ASA. We have no router attached to the outside interface of our ASA. The outside interface of ASA is attached to a L2 Cisco switch - and then cabled out to net. - I'm presuming then that our ISP's gateway to our subnet is the public IP of the outside interface of our ASA
Ok - with a /29 subnet I have further public IP's to use. - I want to buy a co-edged Polycom firewall for vid-conference. I want to plug the outside interface of this polycom firewall into the external Cisco switch and give it one of our 6 public Ip's. (it will therefore be separate from the ASA. The polycoms firewalls internal interface will then plug into our internal LAN. The vid-conference internally will be on separate vlan to data (internal core switches)
The question I have is will this work? The traffic destined for the polycom outside interface will hit the outside interface of the ASA.(as a route back to the /29 subnet) But then what - Is it so that an ASA wont send traffic out the interface it received on.? to reach the polycom- Or will ARP somehow take care of it ? - discovering the outside interface IP of the polycom?
Sorry this might be simple answer - but I'm unsure if this will work. Thanks - If not what do I need to do. We have 6 public IP's - Do I need an external router outside of ASA - or is there another way? - thanks