Monday, November 13, 2017

Design question / firewall recommendation

I don't think this breaks the sidebar rules. Apologies if I'm wrong.

I'm going to be combining two networks, which are essentially two separate lines of business, into one rack. I need to buy a new set of HA firewalls and I'm not sure what to get. I've always been a Cisco guy, but the more ASAs I get in my environment the more pissed off I get that there's no good way to centrally manage them. So, I'm open to other suggestions.

Here are the details of what I'm trying to do:

I'll have two WAN connections coming in, each with its own /27, each from a different telco, and essentially each needs to talk to its own set of internal vlans.

I don't need much in the way of speed, each of my WAN links is only 100Mbps but I DO need some pretty strong NAT capabilities. One of the ASAs I'll be migrating to this new HA pair has about 700 individual NAT statements and that is likely to grow significantly. And decent L2L VPN capabilities. Currently have ~200, that may grow also.

My real hang-up is the two WAN links and routing. One set of internal vlans will only receive traffic on one WAN link, and can only send data out that same WAN link. The other vlans have to use the other WAN link. Can an ASA even do that? I've only ever set up an ASA to use a secondary WAN as a failover (and that doesn't work half the time).

For compliance and budget reasons I can only buy one set of HA firewalls. It would be so much easier to just keep these networks on separate devices with their own WANs, but that's not an option right now.

Can anyone offer any advice on the design, whether the ASAs will do what I need, if not, what firewall will, and secondarily, what size ASA should I look at - a 5525, 5585, bigger?

Thanks in advance.

Edit: added some info on the VPN needs
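One way an ASA pair can give each line of business its own WAN, its own routing table and its own NAT rules, with no path between the two sets of VLANs, is multiple security-context mode: the physical box is split into two logical firewalls, and each context only sees the interfaces allocated to it. The configuration below is an added illustration written for this post, not the poster's configuration or an answer from the thread. Interface numbers, context names (lob-a, lob-b), VLAN IDs and addresses (documentation ranges 203.0.113.0/27 and 10.10.0.0/24) are constructed placeholders; the failover pairing in the system space and the second context are omitted and would mirror what is shown. Site-to-site VPN support inside multiple-context mode depends on the ASA software release, so that capability, and the platform's context and NAT limits, should be confirmed against the target version and model before committing to this design.

```cisco
! --- system execution space (constructed example, not from the post) ---
mode multiple
!
interface GigabitEthernet0/0
 description WAN-A (telco A, first /27)
 no shutdown
interface GigabitEthernet0/1
 description WAN-B (telco B, second /27)
 no shutdown
interface GigabitEthernet0/2
 description 802.1Q trunk to the internal VLANs
 no shutdown
interface GigabitEthernet0/2.10
 vlan 10
interface GigabitEthernet0/2.20
 vlan 20
!
! Each context is handed only its own WAN port and its own VLAN
! subinterfaces, so lob-a traffic has no interface on which to reach WAN-B.
context lob-a
 allocate-interface GigabitEthernet0/0 wan-a
 allocate-interface GigabitEthernet0/2.10 vlan10
 config-url disk0:/lob-a.cfg
!
context lob-b
 allocate-interface GigabitEthernet0/1 wan-b
 allocate-interface GigabitEthernet0/2.20 vlan20
 config-url disk0:/lob-b.cfg

! --- context lob-a (placeholder addresses; lob-b is the same shape on WAN-B) ---
interface wan-a
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.224 standby 203.0.113.3
interface vlan10
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0 standby 10.10.0.2
!
! The context has its own default route, so VLAN 10 can only egress via WAN-A.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Per-context NAT: a static translation for one published host and
! PAT to the outside interface for the rest of the VLAN.
object network srv-a-web
 host 10.10.0.50
 nat (inside,outside) static 203.0.113.10
!
object network vlan10-net
 subnet 10.10.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Only the published service is reachable from WAN-A; everything else is dropped.
access-list outside_in extended permit tcp any object srv-a-web eq 443
access-group outside_in in interface outside
```

Because the two contexts share no interfaces and no routing table, the "VLAN set A must never use WAN-B" requirement is enforced by the allocation itself rather than by policy routing that can be misconfigured later; each context is also audited and managed as its own firewall, which is the usual way to satisfy a compliance requirement for separation while buying a single HA pair.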
