philb19
asked on
ASA at the PUBLIC/PRIVATE edge. /29 subnet - need to use one of 6 public IPs for dual edge firewall
Hi,
I'll try and explain :)
Our ISP routes to our /29 subnet. I imagine to do so they route to the outside interface of our ASA. We have no router attached to the outside interface of our ASA. The outside interface of the ASA is attached to an L2 Cisco switch and then cabled out to the net. I'm presuming then that our ISP's gateway to our subnet is the public IP of the outside interface of our ASA.
OK - with a /29 subnet I have further public IPs to use. I want to buy a co-edged Polycom firewall for vid-conference. I want to plug the outside interface of this Polycom firewall into the external Cisco switch and give it one of our 6 public IPs (it will therefore be separate from the ASA). The Polycom firewall's internal interface will then plug into our internal LAN. The vid-conference internally will be on a separate VLAN to data (internal core switches).
The question I have is: will this work? The traffic destined for the Polycom outside interface will hit the outside interface of the ASA (as a route back to the /29 subnet). But then what - is it so that an ASA won't send traffic out the interface it received it on, to reach the Polycom? Or will ARP somehow take care of it, discovering the outside interface IP of the Polycom?
Sorry, this might be a simple answer - but I'm unsure if this will work. Thanks. If not, what do I need to do? We have 6 public IPs - do I need an external router outside of the ASA, or is there another way? Thanks
ASKER CERTIFIED SOLUTION
ASKER
Sorry, you're right - static routes show gateway of next hop - thanks for answering - simple answer :)
ASKER
Thanks - helpful, but I checked and there is no gateway set on any interface of the ASA,
just default route 0.0.0.0 to ISP IP address. So if I set the gateway to the ISP IP, I should be right?