Transparent Firewall help...

loxleynew

Ok so I have a question hopefully someone can help me with.

We are upgrading one of our sites internet connections to a T1 from a traditional cable connection. With this we need to purchase our own router to translate the T1 (1941 already purchased). My question is would the easiest way be to setup the firewall in transparent mode? (never done this before). If it is in transparent mode can we still use this to nat or should we just use the internet router (1941) to nat our internal web servers/vpn?

Current configuration:
cable modem <

---

> ASA 5505 <----> Cisco 1941 (WAN) <----> LAN

Proposed configuration:

Internet ISP <

---

> Cisco 1941 <----> ASA 5505 transparent <----> Cisco 1941 (WAN) <----> LAN

it_consultant

The 1941 should have a soft firewall in it which is practically very similar to the ASA. Why not simply use that?

xnx

Because the ASA is better..Not too sure about the solution though

loxleynew

Yea we already have the ASA so might as well use it. After reading further seems transparent firewall seems not to be the way to go as it's too complex for our setup... Possibly just use some other public ip range for the ASA and keep the NAT on the asa and use the outside router as strictly a link? Seems like a waste for a 1941 but i guess it would have to do.

it_consultant

xnx wrote: »

Because the ASA is better..Not too sure about the solution though

Realistically the difference between the 5505 (without any add on filtering cards) and the ISR firewall is probably very little. In fact, performance wise you might get more out of the ISR.