Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
5
Replies

Access List help

Anand Narayana
Level 6
Level 6

‎05-29-2007 11:51 PM - edited ‎03-05-2019 04:22 PM

Hi,

i hav the network like this........

Internet Router----->ASA------>3750

now on 3750 i hav created 5 vlans, ASA will be a part of 1 vlan in 3750, rest 4 vlans will be on LAN.

my requirement is......

all the 4 vlans users in LAN should be accessed based on the rules applied in ASA & not in 3750.

which means all the routing should happen via ASA & not 3750, but VLAN should be created only in 3750..

Labels:
0 Helpful
5 Replies 5

cpembleton
Level 4
Level 4

‎05-30-2007 04:39 AM

In order for your ASA to do the routing you'll need to create a sub-interfaces off the inside interface. One for each vlan on the switch.

Example:

interface gigabitEthernet0/0

no shut

interface GigabitEthernet0/0.10

description VLan 10

vlan 10

nameif inside10

security-level 100

ip address 192.168.1.10 255.255.255.0

!

interface GigabitEthernet0/0.20

description Vlan 20

vlan 20

nameif inside20

security-level 100

ip address 192.168.1.20 255.255.255.0

interface GigabitEthernet0/0.30

vlan 30

nameif inside30

security-level 100

ip address 192.168.1.30 255.255.255.0

Thanks,

Chad

Please rate if helpful.

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to cpembleton

‎05-30-2007 05:58 AM

Hi Anand,

Agree with Chad on this. You have to configure a dot1q trunk between 3750 and ASA. Donot create the SVI's on 3750 and set the gateway for the hosts as the sub-interface IP of the ASA for respective vlans.

Please see the document below for more help.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a0080636f42.html#wp1044006

HTH,please rate if it does.

-amit singh

0 Helpful

Anand Narayana
Level 6
Level 6
In response to Amit Singh

‎05-30-2007 09:05 PM

Hi Cblem & Amith,

Thanks for ur reply, but i hav PIX Version 6.3(3) running on my Firewall on other side office, so how do i create sub-interface. the interface in pix is like this........ "ip address inside 192.168.1.1 255.255.255.0"

0 Helpful

rajbhatt
Level 3
Level 3
In response to Anand Narayana

‎05-30-2007 09:13 PM

Hi,

Please refer to this document to create vlan in 6.3

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411

Raj

0 Helpful

Anand Narayana
Level 6
Level 6
In response to rajbhatt

‎05-30-2007 11:32 PM

can i have something like this for having multiple logical interfaces.

nameif vlan2 inside security50

nameif vlan3 inside security50

nameif vlan4 inside security50

ipaddress inside 192.168.1.1 255.255.255.0

ipaddress inside 192.168.2.1 255.255.255.0

ipaddress inside 192.168.3.1 255.255.255.0

if not, how do i assign a single with multiple ip address for each & every vlan?

how to i connect to the switch, i mean if i put "switch port mode trunk" on the switch side, what command should i need on the PIX "inside" interface? in router the command is "encapsulation dot1Q 1"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card