Currently we use a Cymphonix Network Composer that sits between a Catalyst 2960 and ASA 5510 trunk. The Cymphonix is inline there, right now, so that it can understand the VLANs and see the LAN hosts for active directory monitoring of user web access.
What I worry about is that all of our inter-VLAN routing is unnecessarily going through the Composer, and I'd like to eliminate that.
Any thoughts on how to get this out of the inter-VLAN routing communication, while having the granularity involved with the device being able to see LAN hosts? I do have a spare ASA in the rack; should I create a little DMZ zone in-between two ASA's for the Composer? Any other thoughts (anything)??