CSS + ASA vlans

Unanswered Question
Jun 21st, 2007

Is there any reason the following configuration would not work. I would like to create 2 vlans on a css and connect each to 2 interfaces on an ASA. Then connect 2 servers into the 2 vlans on the css. The 2 servers should not be able to talk to eachother except through the firewall. It seems like a simple set up but no one ever suggests it, they always suggest a one armed topology?


int e1

ip addr

nameif inside

int e2

ip addr

nameif dmz


int e1

bridge vlan 100

int e2

bridge vlan 200


Server 1 = 192.168.100.x

Server 2 = 192.168.200.x

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 06/21/2007 - 10:01

Anybody? This should be an easy one for you guys. Is there enough information?

I am trying to avoid having to do a one armed configuration. I have a server which cannot be located on the same subnet as the other servers on the css. I need this server to be located on the inside of the firewall, not on the dmz where the css resides.


This Discussion