CT's head about to explode....
Access``````````````Access
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
6513-1---------------6513-2
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
ASA5520-1---DMZ---ASA5520-2
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
3825-1---------------3825-2
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
|````````````````````|
ISP1`````````````````ISP2
OK. Here is the topology I think I'm dealing with. Dual ISPs, BGP peered, no problem there. 3825-1, 3825-2, 6513-1, 6513-2 will be iBGP peered, again, no problem there.
Where my head implodes is in the firewall configuration.
The firewalls are supposed to provide redundancy to the network, yada yada you know the story there. This particular network has one and only one DMZ. With one DMZ being attached to two firewalls, I'm really wondering how on earth I'm ever going to make that work...I guess I'm just open to suggestions at this point, but I'm really just wondering how to handle this. If I get a WWW hit on my external IP that is NAT'd to a DMZ address, what is going to happen from there? Both firewalls process the packets and wreak havoc? Grr...probably a little bit of exhaustion talking here but I'd like some feedback nonetheless.... Thanks guys.
`````````` = blank space....
__________________
B.S., Network and Communications Management
CCNA, MCP x 3, A+
En route: Everything Cisco.
"$100K is a personality trait" - yours truly Cisco CCIE Certification - The journey has only just begun.