Friday, June 22, 2018

ASA as a gateway for a subnet with multiple overlapping IP addresses

Here is my ideal wire configuration

Bad idea in the real world. I know. But this is for my company's mock lab for new equipment we ship out to customers. Our mock team emulates what the client would see once we ship the servers and does some pre-updating and quality assurance. We have a 10.1.1.0/24 standard for nearly all of our commercial deployments, and our servers all have the same 10.1.1.1 through .150 addresses and .254 gateway. We also have some government clients that have other standards using public addressing.

We currently use about 10 ASA 5505s to segregate these 10.1.1.0/24 VLANs and other VLAN subnets, but I want us to move to a rack with, if possible, one 5520 or one 5506-X. Our QA/installation team abuses these firewalls and they die randomly, or find their way into trashcans [not kidding]. Not to mention that we have to get into each firewall remotely to do configuration changes for sites that have a different standard.

I'd like to centralize one rack, trunk three 3750 access switches to one distro switch, and trunk that to the firewall, which would be running sub-interfaces. CAT5e would be conduited from the access switches to each of the tables [each table representing a different client mockup station VLAN]. In the diagram there are only two stations per table, but in reality there could be as many as 15-20 datapoints and servers per site. Of course the central problem would be overlap on these 10.1.1.0/24 networks that are being mocked simultaneously.

I've read that multiple context firewalling could do this when applied to subinterfaces on an ASA -- multiple, say, 10.1.1.254 255.255.255.0 IPs on multiple subinterfaces -- but I have not been able to test it out, and the 5520 we have has just a base license offering 2 context instances. I'd like to have at least 4. I'm sure there is a new hardware solution, but I'm just the network pipes guy and the higher-ups won't want to give us any better equipment when we have literally hundreds of ASA 5505s lying around. I also have a few 5506-Xs, but those don't offer Multiple Context firewalling.
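As an added illustration of the multiple-context approach described above (this is example configuration, not anything from the original post or a tested lab), here is how two security contexts on a single ASA in multiple mode can each own a non-shared subinterface and both use 10.1.1.254/24 as the gateway for their own table VLAN. The VLAN IDs, context names, outside addresses and file names are assumptions chosen for the example; overlapping addresses are only permitted because no interface is shared between the contexts, and switching to `mode multiple` reboots the ASA and wipes the running configuration.

```cisco
! ---- system execution space (assumed VLAN IDs 10/20 for two mock tables) ----
mode multiple
!
interface GigabitEthernet0/0
 description trunk from distro switch (table VLANs)
 no shutdown
!
interface GigabitEthernet0/0.10
 vlan 10
!
interface GigabitEthernet0/0.20
 vlan 20
!
interface GigabitEthernet0/1
 description trunk toward the QA/management side
 no shutdown
!
interface GigabitEthernet0/1.110
 vlan 110
!
interface GigabitEthernet0/1.120
 vlan 120
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
! Each mock station gets its own context with dedicated (not shared)
! inside and outside subinterfaces, so the 10.1.1.0/24 overlap is legal.
context tableA
 description client A mockup, VLAN 10
 allocate-interface GigabitEthernet0/0.10 inside
 allocate-interface GigabitEthernet0/1.110 outside
 config-url disk0:/tableA.cfg
!
context tableB
 description client B mockup, VLAN 20
 allocate-interface GigabitEthernet0/0.20 inside
 allocate-interface GigabitEthernet0/1.120 outside
 config-url disk0:/tableB.cfg
!
! ---- inside context tableA (changeto context tableA) ----
interface inside
 nameif inside
 security-level 100
 ip address 10.1.1.254 255.255.255.0
!
interface outside
 nameif outside
 security-level 0
 ip address 192.0.2.11 255.255.255.0
!
! ---- inside context tableB (changeto context tableB) ----
interface inside
 nameif inside
 security-level 100
 ip address 10.1.1.254 255.255.255.0
!
interface outside
 nameif outside
 security-level 0
 ip address 192.0.2.12 255.255.255.0
```

Each additional table is one more context plus one more pair of subinterfaces, so the number of contexts the license allows is the hard limit: the base 5520 license mentioned above stops at two. If the outside side were ever collapsed onto one shared subinterface to save ports, the contexts would need unique outside addresses and per-context MAC addresses, and the inside overlap would still be fine as long as the inside subinterfaces stay unshared.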

Does anyone have any ideas? I am at my wits' end with these 5505s.
