Cisco ASA and multiple VLANs

security networking best-practices cisco cisco-asa

Solution 1:

For you having Cisco ASA devices (2 pairs of 5510s and 1 pair of 5550s). This means you are moving away from packet filtering with acls and moving to firewall zone based techniques in ASAs.

Create class-maps ,policy-maps and service-policies.

Network objects will make your life easy.

The trend in firewall technique is

packet filtering - packet inspection - ip inspect (stateful inspection) - Zonebasedfirewall

These techniques were made for it to be less confusing as the areas increase.

There is a book ,You might want to the read.

The accidental adminitrator -It really helped me.

Have a look at it and move from the acls in in two different directions.

With ASAs you should have no problem.

In the past ,I made 800 series ip inspect and ZBF ,then compared there advantages and they used the same technique in the ASAs moving away from packet filtering to advanced ip inspect.

Related

Lots of FAILURE AUDIT: an account failed to log on entires in Security Log
Linux iptables / conntrack performance issue
What are possible downsides to setting a (very) large initcwnd for high-bandwidth connections?
OpenWrt Configuring Tagged and Untagged VLAN on the Same Port
How does Varnish deal with running out of storage?
Is GlusterFS a good pick for keeping webservers in sync?
Can you granularly control what comes over the SCOM CI connector in SCSM 2012?
How to get virtualized SR-IOV Infiniband interface UP?
Diagnosing slow active directory logins
Nginx cache shared between multiple servers
How to investigate the cause of a 100% CPU event that lasted for hours?
Is there a way to get spamassassin to score the top lines of a message body more heavily?