Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
0
Helpful
1
Replies

ASA 5510 InterVlan Routing and internet access

itindia
Level 1
Level 1

‎02-24-2008 11:10 PM

Hi,

My topolgy is like this.

ISP--->Router--->ASA5510 Firewall--->cisco2960 48 port switch in VLAN--->Small 8 and 16 port switches to for respective VLAN.

Here Want to achieve internet access and separate network for individual department.

Got the public IP on the outside interface of the firewall say (59.x.x.x) and configured it.Now to achive the desired result I am planning to have something like below menteioned config on my ASA.

Assume you have 4 networks 2.2.2.0, 3.3.3.0, 4.4.4.0, 5.5.5.0

ASA5510

interface ethernet0/2

speed 100

duplex full

nameif LAN

security-level 50

no ip address

interface Ethernet0/2.2

vlan 2

nameif vlan2

security-level 50

ip address 2.2.2.1 255.255.255.0

interface Ethernet0/2.3

vlan 3

nameif vlan3

security-level 50

ip address 3.3.3.1 255.255.255.0

interface Ethernet0/2.4

vlan 4

nameif vlan4

security-level 50

ip address 4.4.4.1 255.255.255.0

interface Ethernet0/2.5

vlan 5

nameif vlan5

security-level 50

ip address 5.5.5.1 255.255.255.0

global (outside) 1 interface

nat(vlan2) 1 2.2.2.0 255.255.255.0

nat(vlan3) 1 3.3.3.0 255.255.255.0

nat(vlan4) 1 4.4.4.0 255.255.255.0

nat(vlan5) 1 5.5.5.0 255.255.255.0

And on switch side:

Switch_2960:

vlan database

vtp transparent

vtp domain test_lab

vtp password cisco

vlan 2 name VLAN2_2.2.2.0/24

vlan 3 name VLAN3_3.3.3.0/24

vlan 4 name VLAN4_4.4.4.0/24

vlan 5 name VLAN5_5.5.5.0/25

etc....

Interface fastethernet0/48

Description trunk_Connection_ASA_Ethernet03

speed 100

duplex full

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2,3,4,5 etc..

And then say from port no. 2 cable going to small 8or 16 port linksys switch and so on for port 3 and 4.

Questions:

1. Do I need to configure anything else on ASA side as far as natting is concerned.I just want to allow internet access to all the VLAN.

2. Can I keep my cisco 2960 L2 switch as VTP Server mode?

3. Will the small switches(8/16 port of linksys) interfaces will allow the traffic to flow desired subnet.These small switches are unmanaged?Will this work without trunking.

Suggest me same configuration scenrios for the same as well.

Thanks In advance.

Reg,

Sushil

Labels:
0 Helpful
1 Reply 1

itindia
Level 1
Level 1

‎02-25-2008 11:36 PM

Can somebody help me?

Reg,

Sushil

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents