CSS + ASA vlans

Unanswered Question
Jun 21st, 2007

Is there any reason the following configuration would not work? I would like to create 2 VLANs on a CSS and connect each to 2 interfaces on an ASA. Then connect 2 servers into the 2 VLANs on the CSS. The 2 servers should not be able to talk to each other except through the firewall. It seems like a simple setup, but no one ever suggests it; they always suggest a one-armed topology?

-ASA-
int e1
 ip addr 192.168.100.1
 nameif inside
int e2
 ip addr 192.168.200.1
 nameif dmz

-CSS-
int e1
 bridge vlan 100
int e2
 bridge vlan 200

-Servers-
Server 1 = 192.168.100.x
Server 2 = 192.168.200.x

acomiskey Thu, 06/21/2007 - 10:01

Anybody? This should be an easy one for you guys. Is there enough information?

I am trying to avoid having to do a one-armed configuration. I have a server which cannot be located on the same subnet as the other servers on the CSS. I need this server to be located on the inside of the firewall, not on the DMZ where the CSS resides.
