ASA 5550 behind ASA 5505

 
 
Dogg Child
      06-07-2010
Hi all,

Excuse me at first if I don't explain this properly, I'll try...
I have one internet link, and two ASA5505's, and two "networks" that need
access from and to internet.
The main idea is that 1st 5505 would be configured with 3 interfaces -
In, Out, DMZ.
Through DMZ I would forward all traffic from one public IP (e.g. x.x.x.5)
to 2nd 5505. Basically DMZ on 1st 5505 would be connected to Out interface
on 2nd 5505, and not filtering anything.
Out interface on 1st 5505 would have other public IP (e.g. x.x.x.4).
Behind both 5505's I have different subnets that require some access from
and to the internet.

q1: Would that kind of wiring and connecting work?

q2: If that would work, is it possible to configure / limit speed/bandwidth
for DMZ "link"?

q3: I guess when 2nd 5505 initiates IPsec tunnel (site-to-site) that the 1st
one wouldn't be aware of that (licence issues?)?

q4: All services that need to be accessible from the internet behind 2nd
5505 would be accessible if configured only on 2nd 5505?

That's it so far, I hope I wouldn't bother you anymore.

Tnx in advance & regards,
--


....
:: Dogg.Child:::Honored.member.of.The.Wu-Tang.Clan ::

dogg[AltGr+V]nkc-sisak.hr
....



 
Jyri Korhonen
      06-08-2010
"Dogg Child" <dogg[AltGr+V]@nkc-sisak.hr> wrote:

> Hi all,
>
> Excuse me at first if I don't explain this properly, I'll try...
> I have one internet link, and two ASA5505's, and two "networks" that need
> access from and to internet.
> The main idea is that 1st 5505 would be configured with 3 interfaces -
> In, Out, DMZ.
> Through DMZ I would forward all traffic from one public IP (e.g. x.x.x.5)
> to 2nd 5505. Basically DMZ on 1st 5505 would be connected to Out interface
> on 2nd 5505, and not filtering anything.
> Out interface on 1st 5505 would have other public IP (e.g. x.x.x.4).
> Behind both 5505's I have different subnets that require some access from
> and to the internet.
>
> q1: Would that kind of wiring and connecting work?

Yes, I believe so. But I don't understand why you need the second 5505.

> q2: If that would work, is it possible to configure / limit speed/bandwidth
> for DMZ "link"?

You can set the port speed to 10 Mbps or 100 Mbps.

> q3: I guess when 2nd 5505 initiates IPsec tunnel (site-to-site) that the 1st
> one wouldn't be aware of that (licence issues?)?

Yes, the first 5505 is just passing the traffic.

> q4: All services that need to be accessible from the internet behind 2nd
> 5505 would be accessible if configured only on 2nd 5505?

Yes, if the first one is configured for full access.
 
Dogg Child
      06-08-2010
Tnx for reply, my answers/questions are below.

--


....
:: Dogg.Child:::Honored.member.of.The.Wu-Tang.Clan ::

dogg[AltGr+V]nkc-sisak.hr
....


"Jyri Korhonen" <(E-Mail Removed)> wrote in message
news:U2rPn.17427$(E-Mail Removed)...
> "Dogg Child" <dogg[AltGr+V]@nkc-sisak.hr> wrote:
>
>> Hi all,
>>
>> Excuse me at first if I don't explain this properly, I'll try...
>> I have one internet link, and two ASA5505's, and two "networks" that need
>> access from and to internet.
>> The main idea is that 1st 5505 would be configured with 3 interfaces -
>> In, Out, DMZ.
>> Through DMZ I would forward all traffic from one public IP (e.g.
>> x.x.x.5) to 2nd 5505. Basically DMZ on 1st 5505 would be connected to Out
>> interface on 2nd 5505, and not filtering anything.
>> Out interface on 1st 5505 would have other public IP (e.g. x.x.x.4).
>> Behind both 5505's I have different subnets that require some access
>> from and to the internet.
>>
>> q1: Would that kind of wiring and connecting work?
>
> Yes, I believe so. But I don't understand why you need the second 5505.

Second 5505 is needed for other "project" and "routing + VPN's".

>> q2: If that would work, is it possible to configure / limit
>> speed/bandwidth for DMZ "link"?
>
> You can set the port speed to 10 Mbps or 100 Mbps.

Can I, for example, from 10Mbps internet link "give" only 2 Mbps to 2nd 5505?

>> q3: I guess when 2nd 5505 initiates IPsec tunnel (site-to-site) that the
>> 1st one wouldn't be aware of that (licence issues?)?
>
> Yes, the first 5505 is just passing the traffic.

Great.

>> q4: All services that need to be accessible from the internet behind 2nd
>> 5505 would be accessible if configured only on 2nd 5505?
>
> Yes, if the first one is configured for full access.

Full access, you mean that full access is enabled on DMZ "port" only, and
other "inside" ports are using firewall rules configured for them only?


 
Morph
      06-08-2010
In the message <hulf94$5ac$(E-Mail Removed)-com.hr> "Dogg Child"
<dogg[AltGr+V]@nkc-sisak.hr> wrote:

| Can I, for example, from 10Mbps internet link "give" only 2 Mbps to 2nd 5505?

http://www.cisco.com/en/US/docs/secu...guide/qos.html
 
Morph
      06-08-2010
In the message <(E-Mail Removed)> Morph wrote:

| In the message <hulf94$5ac$(E-Mail Removed)-com.hr> "Dogg Child"
| <dogg[AltGr+V]@nkc-sisak.hr> wrote:
|
| | Can I, for example, from 10Mbps internet link "give" only 2 Mbps to 2nd 5505?
|
| http://www.cisco.com/en/US/docs/secu...guide/qos.html

Traffic shaping must be applied to all outgoing traffic on a physical
interface or, in the case of the ASA 5505, on a VLAN. You cannot
configure traffic shaping for specific types of traffic.
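The 2 Mbps limit discussed in this thread, as an added configuration sketch for the first ASA 5505 (not posted by any participant and not taken from the linked Cisco guide). The interface name `dmz` and both policy-map names are assumptions; the two options are alternatives, since an interface takes only one service policy.

```cisco
! Added example. "dmz" is an assumed nameif for the VLAN on the first
! ASA 5505 that faces the second 5505; policy-map names are made up.
!
! Option A: traffic shaping.
! Shaping is only accepted under class-default, so it covers ALL traffic
! leaving the dmz VLAN toward the second 5505 (its download direction).
! Excess packets are queued, not dropped immediately.
! The rate is in bits per second and must be a multiple of 8000.
policy-map DMZ-SHAPE-2M
 class class-default
  shape average 2000000
service-policy DMZ-SHAPE-2M interface dmz
!
! Option B: policing, used INSTEAD of option A.
! Policing drops traffic above the rate and can be set per direction,
! so it also limits what the second 5505 sends up toward the internet.
policy-map DMZ-POLICE-2M
 class class-default
  police output 2000000
  police input 2000000
! To use option B, remove the option A service-policy first, then:
!   service-policy DMZ-POLICE-2M interface dmz
!
! After applying either option, confirm the policy is attached and that
! its counters move while the second network generates traffic:
!   show service-policy interface dmz
```

Shaping only acts on egress, so option A alone leaves uploads from the second network free to use the whole 10 Mbps link; that is the case option B's `police input` line addresses.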