ASA-5505 REPLACING A LINUX BOX.

Jan 15th, 2008

I replaced a Linux firewall with an ASA5505-sec-bin-k9.

The customer has two remote sites connected in the following way:

The carrier delivers a LAN connection, a 10/100 wire. But I know the provider has two routers: one goes to the first remote site and the other to the second remote site.

I plug this cable into an L2 switch and two ASA ports: one port of the ASA has an IP and the other has another IP.

The performance of the ASA is bad with both interfaces connected simultaneously to that L2 SW. Testing each interface individually, alone, it works fine.

How can I prevent both interfaces from listening to the same traffic?

With the two interfaces connected simultaneously, one interface is denying the traffic that the other is forwarding and vice versa, but the total effect is that it is dropping packets on both interfaces. How can I solve this issue?

Be aware that it is not possible right now for the carrier to change the way it is offering the service.

Thanks.

vkapoor5 Tue, 01/22/2008 - 09:38

To my knowledge, you have to replace the switch with the router or upgrade the L2 switch to an L3 switch because of routing issues. Route all the traffic to the router and point to the switch.

Rafael Jimenez Tue, 01/22/2008 - 13:20

Yes! The only option that I had was a 2514 router. I tried to use dot1q encapsulation to separate the incoming traffic, but the 2514 doesn't support that. Finally I just put the router between one of the ASA interfaces and the L2 SW. One traffic passes through the router and the other goes directly to the other ASA interface.

It's working fine, but I will replace the 2514 with an 871 and try to use subinterfaces with encapsulation and build a trunk between the router and the ASA.

Thanks for your advice.
