Hello Carlos,
Client has a pair of these devices in place, he needs the full redundant
solution for his Business web server with 0 downtime in case any device
fails. Can u help me with the same to prepare a full redundant design?
I have prepared a design; on which web site can I share it with u?
ASA-----2 Nos
ASA-SW-----2 Nos
DMZ-SW -----2Nos
IPS ------2 Nos
Server ---- 2 NIC
On Fri, Feb 11, 2011 at 3:58 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> Don't worry, you won't be tested on this kind of design...
> -Carlos
>
> estela Mathew @ 10/02/2011 20:00 -0300 dixit:
>
>> Hello Carlos,
>>
>> I want the DMZ zone to be fully redundant. I am having the pair of devices
>> listed below and a server with 2 NICs. Can u help me out with the same? I have
>> prepared a topology but attachments are blocked in GS; from which website
>> can I send the topology diagram?
>>
>> ASA------>ASA-SW--->DMZ-SW-------->Servers
>>                                    |
>>                                  IPS
>>
>> On Thu, Feb 10, 2011 at 6:05 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>>
>>    Yes, that's one way of doing it.
>>    Keep in mind that as long as you don't have a trunk between the
>>    switches, you have two different "VLAN" universes.
>>    I.e. vlan 2 @ ASA-SW has nothing to do with vlan 2 @ DMZ-SW.
>>    (You better document it and have them match for the same use,
>>    or you will have a hard time supporting this deployment)
>>
>>    -Carlos
>>
>>    estela Mathew @ 10/02/2011 10:46 -0300 dixit:
>>
>>        Hello Carlos,
>>
>>        Thanks for ur reply, please confirm the steps for my configuration,
>>
>>           * Inline vlan pair between vlan 2 and vlan 3 on gig0/0 of IPS
>>           * Connect ASA-SW to DMZ-SW via an access link vlan 3 because the
>>             servers will be in vlan 2 and the ASA-SW port connecting to
>>             DMZ-SW will be in vlan 3.
>>
>>        THE TRAFFIC FLOW
>>
>>        Please confirm me if it is wrong
>>
>>           * From Servers Traffic hitting to Default gateway i.e. ASA-DMZ
>>             interface
>>           * It will be hitting to vlan 2 on switch the broadcast will be on
>>             IPS the mapping of vlan2 and vlan 3 will broadcast on vlan 3
>>           * On vlan 3 ports of DMZ-SW broadcast will receive and will be
>>             forwarded to ASA-SW interface and to ASA on vlan 3.
>>
>>
>>        Please confirm the above steps are correct. Waiting for ur
>>        replies, friends
>>
>>        Thanks
>>
>>
>>
>>
>>        On Thu, Feb 10, 2011 at 5:21 PM, Samuel Jack
>>        <jacksamuel32_at_gmail.com> wrote:
>>
>>           Hello Carlos,
>>
>>           Very good Explanation.
>>
>>           Can u explore more the below paragraph? I have understood but
>>           I want to be more clear,
>>
>>
>>           Do you have the same vlans in both switches already ? If not,
>>           the link can be an access link joining the ASA-SW DMZ vlan to
>>           a DMZ-SW outside vlan. Then create an inside vlan and put
>>           both (inside and outside) in a trunk port to the IPS.
>>
>>
>>           What I understood from ur above mail is
>>
>>              1. If I wanna go with inline vlan pair then inside and outside
>>                 interface will be same
>>              2. I have to connect ASA-SW to DMZ-SW.
>>
>>
>>
>>           I have only 1 subnet can u explain me the traffic flow??
>>
>>
>>
>>           Thanks
>>
>>
>>
>>           On Thu, Feb 10, 2011 at 3:31 PM, Carlos G Mendioroz
>>           <tron_at_huapi.ba.ar> wrote:
>>
>>               Estela,
>>               if you have to use an inline vlan pair, then inside and outside
>>               of the IPS are going to be in the same interface.
>>
>>               You say you have two switches, you will have to connect them
>>               somehow,
>>               so both inside and outside can be vlans of the DMZ-switch.
>>
>>               Do you have the same vlans in both switches already ? If not,
>>               the link can be an access link joining the ASA-SW DMZ vlan to
>>               a DMZ-SW outside vlan. Then create an inside vlan and put
>>               both (inside and outside) in a trunk port to the IPS.
>>
>>               -Carlos
>>
>>               estela Mathew @ 10/02/2011 03:52 -0300 dixit:
>>
>>                   Hello,
>>
>>                   Topology:
>>
>>
>>                   ASA------>ASA-SW------->IPS-------->DMZ-SW-------->Servers
>>
>>                   I have a DMZ in my ASA. I have kept the IPS in between the ASA
>>                   and Servers. I have IPS 4240, I want to configure inline vlan
>>                   pair. How can I do it?
>>
>>                   IPS gig0/0 is connected to DMZ-SWITCH and IPS gig0/1 is
>>                   connected to ASA-SWITCH, what will be the vlan pair? I have only
>>                   1 subnet in DMZ, 192.168.10.0/27.
>>
>>                   Please don't suggest IPS Inline interface pair becz I know
>>                   it can work easily. Customer is insisting me to do inline vlan
>>                   pairing.
>>
>>                   I have seen the configuration example from Cisco but still I
>>                   have doubts. Suppose if I create a vlan pair between vlan 1 and
>>                   vlan 2 on gig0/0, then what pairing will be on gig0/1 which is
>>                   connected to ASA-SW? I have only 1 subnet in DMZ.
>>
>>                   Please help
>>
>>
>>                   Blogs and organic groups at http://www.ccie.net
>>
>>
>>  _______________________________________________________________________
>>                   Subscription information may be found at:
>>                   http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>>               --
>>               Carlos G Mendioroz  <tron_at_huapi.ba.ar>
>>               LW7 EQI  Argentina
>>
>>
>>
>>
>>    --
>>    Carlos G Mendioroz  <tron_at_huapi.ba.ar>
>>    LW7 EQI  Argentina
>>
>>
>>
> --
> Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Fri Feb 11 2011 - 10:24:17 ART
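
An added example, not part of the thread or any poster's configuration: a small Python model of the layer-2 segments discussed above. It checks that the only path from the server vlan on DMZ-SW to the ASA's DMZ interface crosses the IPS inline vlan pair (2 and 3). The assumption that ASA-SW numbers its own DMZ vlan 2, and the trunk and same-vlan variants, are constructed for illustration.

```python
from collections import defaultdict, deque

SERVERS = ("DMZ-SW", 2)   # servers' vlan on DMZ-SW (from the thread)
OUTSIDE = ("DMZ-SW", 3)   # DMZ-SW vlan facing ASA-SW (from the thread)
ASA_DMZ = ("ASA-SW", 2)   # assumption: ASA-SW also numbers its DMZ vlan 2


def build_edges(inter_switch):
    """Links between (switch, vlan) segments.

    inter_switch is ("access", asa_sw_vlan, dmz_sw_vlan) or ("trunk", [vlans]).
    """
    edges = [(SERVERS, OUTSIDE, "IPS")]  # inline vlan pair on the IPS trunk port
    if inter_switch[0] == "access":
        _, asa_vlan, dmz_vlan = inter_switch
        # Untagged link: the vlan id on each end is local to that switch.
        edges.append((("ASA-SW", asa_vlan), ("DMZ-SW", dmz_vlan), "link"))
    else:
        for vlan in inter_switch[1]:
            # Tagged link: the same id now names one segment on both switches.
            edges.append((("ASA-SW", vlan), ("DMZ-SW", vlan), "link"))
    return edges


def reachable(edges, src, dst, use_ips=True):
    """Breadth-first search over segments, optionally ignoring the IPS bridge."""
    graph = defaultdict(set)
    for a, b, via in edges:
        if via == "IPS" and not use_ips:
            continue
        graph[a].add(b)
        graph[b].add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False


def audit(inter_switch):
    """Classify a design: no path, path only through the IPS, or a bypass."""
    edges = build_edges(inter_switch)
    if not reachable(edges, SERVERS, ASA_DMZ):
        return "no path"
    bypass = reachable(edges, SERVERS, ASA_DMZ, use_ips=False)
    return "IPS bypassed" if bypass else "IPS inline"


if __name__ == "__main__":
    for design in [("access", 2, 3), ("trunk", [2, 3]), ("access", 2, 2)]:
        print(design, "->", audit(design))
```

The access link from ASA-SW vlan 2 to DMZ-SW vlan 3 keeps the two "vlan 2" segments separate, so traffic must cross the IPS; a trunk carrying vlan 2, or an access link landing in the server vlan, joins them directly.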