Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3319
Views
0
Helpful
4
Replies

VLAN tagging on a Cisco ASA 5520?

whiteford
Level 1
Level 1

‎12-06-2007 02:25 PM - edited ‎03-11-2019 04:40 AM

Hi, I have a Cisco ASA 5520 and a Cisco 3750 switch. I want to create 3 VLANS (like DMZ's) on this switch and get the ASA to use this via its gigabit port, how can I do this?

Labels:
0 Helpful
4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

‎12-06-2007 03:26 PM

There is a physical connection between the fa0/1 on the switch and the ethernet 4 interface on the PIX/ASA.

*******************************************

Switch Configuration

*******************************************

interface FastEthernet0/1

description Connection to PIX Firewall

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 100-103

switchport mode trunk

duplex full

speed 100

*******************************************

PIX/ASA Configuration

*******************************************

interface Ethernet4

description Trunk Only! DO NOT CONFIGURE!!

speed 100

duplex full

no nameif

security-level 10

no ip address

!

interface Ethernet4.100

description DMZ 100

vlan 100

nameif dmz101

security-level 10

ip address 10.10.100.254 255.255.255.0 standby 10.10.100.253

!

interface Ethernet4.101

description DMZ 101

vlan 101

nameif dmz101

security-level 10

ip address 10.10.101.254 255.255.255.0 standby 10.10.101.253

!

interface Ethernet4.102

description DMZ 102

vlan 102

nameif dmz102

security-level 10

ip address 10.10.102.254 255.255.255.0 standby 10.10.102.253

!

interface Ethernet4.103

description DMZ 103

vlan 103

nameif dmz103

security-level 0

ip address 10.10.103.254 255.255.255.0 standby 10.10.103.253

!

HTH and please rate.

0 Helpful

husycisco
Level 7
Level 7
In response to Collin Clark

‎12-07-2007 01:22 AM

Hi Jorge

Just curious, what happens if Vlan x has 2 ports, one is trunk to ASA and one is trunk to a switch which has member vlans 101-103 through trunk? Should we define vlan IDs of other switch?

0 Helpful

husycisco
Level 7
Level 7
In response to Collin Clark

‎12-07-2007 12:14 PM

I got confused by posts, I mean Collin not Jorge :)

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to husycisco

‎12-10-2007 05:54 AM

Any port that is in that VLAN will be in the DMZ, assuming you have the VLAN on the trunks. Most people have separate switches for DMZ's from internal switches.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card