Connect ASA to VLAN switch for a DMZ?

Feb 3rd, 2008

Hi, I have an ASA 5520 and a Cisco 3560 switch. I want to create a couple of DMZ/VLANs on the switch to house some web servers on one, and the other will be for testing. I have created the 2 VLANs (I think) on the switch:


VLAN2 = IP 172.16.1.1/24

VLAN3 = IP 172.16.2.1/24


VLAN1 seems to be the global VLAN for the switch or something else, am I right?


I have connected port 1 on the switch to 0/2 on the ASA. I will add the routes on the LAN to point to the ASA for these 2 networks, but what else do I need to do? Do I have to trunk the 2 and tell the ASA about these 2 VLANs somehow?


Thanks

Fernando_Meza Sun, 02/03/2008 - 16:31

Hi ..


Yes you need to configure a trunk between the port connected to the 0/2 port on the ASA and the switch. The port on the ASA needs to be configured with virtual interfaces. For example you will need to use the command


interface gigabitethernet 0/2.2
 vlan 2
 nameif dmz-web
 security-level 50
 ip address x.x.x.x y.y.y.y
 no shut
!
interface gigabitethernet 0/2.3
 vlan 3
 nameif dmz-test
 security-level 40
 ip address x.x.x.x y.y.y.y
 no shut
!
! The nameif names and security-level values above are only examples;
! the ASA will not pass traffic on a subinterface until both are set.
! x.x.x.x y.y.y.y stand for the address and mask you choose.




The above will create a trunk on gigabitethernet 0/2 for VLANs 2 and 3. You also need to allocate an IP address, name and security level to each subinterface. The following links might give you an idea.


I hope it helps .. please rate it if it does !!!


http://cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006

http://cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intparam.html





jamesgonzo Thu, 02/07/2008 - 05:29

Thanks, just picked this up. What would I need to do on the trunk port on the switch side?

ptenggren Mon, 02/11/2008 - 02:59

switchport trunk encapsulation dot1q

switchport mode trunk
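Putting both answers together, here is a complete two-sided configuration for the setup asked about in this thread. It is added as an illustration and is not taken from any of the posters or from Cisco documentation. Interface names (GigabitEthernet0/1 on the 3560, FastEthernet0/10 for a server port), the ASA subinterface addresses (172.16.1.254 and 172.16.2.254), the nameif values, the security levels and the unused native VLAN 999 are all assumptions chosen for this example.

```cisco
! ---- ASA 5520 side ----
! The physical port only carries the 802.1Q trunk, so it gets no name,
! security level or address of its own, but it must be enabled.
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per DMZ VLAN. The addresses below are made up for this
! example and differ from the switch SVI addresses in the question, because
! the servers should use the ASA, not the switch, as their default gateway.
! Security levels sit between outside (0) and inside (100); the test DMZ
! is rated lower than the web DMZ so it cannot initiate traffic into it
! without an explicit access-list.
interface GigabitEthernet0/2.2
 vlan 2
 nameif dmz-web
 security-level 50
 ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet0/2.3
 vlan 3
 nameif dmz-test
 security-level 40
 ip address 172.16.2.254 255.255.255.0
!
! ---- Catalyst 3560 side ----
vlan 2
 name DMZ-WEB
vlan 3
 name DMZ-TEST
! Otherwise unused VLAN that serves only as the trunk's native VLAN, so no
! untagged traffic (VLAN 1 by default) is carried on the firewall link.
vlan 999
 name NATIVE-UNUSED
!
! "Port 1" from the question; the exact name depends on the 3560 model,
! so GigabitEthernet0/1 is an assumption.
interface GigabitEthernet0/1
 description Trunk to ASA Gi0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3
 switchport mode trunk
 switchport nonegotiate
 no shutdown
!
! Example access port for a web server in VLAN 2.
interface FastEthernet0/10
 description web server
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
! Keep the switch from forwarding between the two DMZ VLANs itself; with
! IP routing disabled, VLAN 2 to VLAN 3 traffic has to cross the ASA.
no ip routing
```

The `switchport trunk allowed vlan 2,3` line is what keeps the inside VLANs off the firewall link, and `no ip routing` on the 3560 matters because a switch that has SVIs in both DMZ VLANs and routing enabled would route between them directly and bypass the ASA entirely. To check the result, `show interfaces trunk` on the switch should list Gi0/1 with VLANs 2,3 allowed and active, and `show interface ip brief` on the ASA should show both subinterfaces up with their addresses.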
