06-27-2008 03:34 AM - edited 03-05-2019 11:52 PM
Hello,
Today I use a Cisco 2811 router for inter-VLAN routing.
I must spend a lot of time adding or modifying access-lists for policy routing,
and it is not very easy with CLI commands.
I want to replace this router with an ASA firewall for inter-VLAN routing.
It is better to manage access-lists with the ASDM interface. But I have this problem:
each sub-interface is configured with the VLAN ID,
but the firewall uses a different security level for each interface. And if I want to establish routing from a lower security level interface to a higher security level interface, I must create a static NAT for each IP address.
Does anyone know if it is possible to do inter-VLAN routing without using static NAT, but only with access-lists, like a router?
Thanks for your help.
06-28-2008 06:06 AM
If you require NAT, then you will have to use static NAT for traffic flows from low- to high-security-level interfaces. If you do not require NAT, then you can turn NAT off with the command "no nat-control". Then global/nat and/or static NAT are not required. With NAT control off you can still use access lists to control which traffic is allowed in or out per interface.
06-28-2008 07:25 AM
Hi,
By default it will be "no nat-control", so NAT is not required for routing between interfaces.
Now, migrating your inter-VLAN routing and access control to the ASA:
- you can use individual interfaces for individual VLANs, provided you have enough interfaces...
- the ASA supports sub-interfaces, so you could possibly use one physical interface to carry multiple VLANs, with granular access controls and routing between these VLANs.
Hope this helps.
regards,
dhananjoy
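To make the two answers concrete, here is an added configuration example (not taken from either poster, and not a vendor reference) of how this looks on an ASA running a pre-8.3 image, where "nat-control" still exists. It assumes two VLANs (10 and 20) trunked into GigabitEthernet0/1, the interface names "vlan10" and "vlan20", the security levels 50 and 20, and the documentation prefixes 192.0.2.0/24 and 198.51.100.0/24; all of these are constructed values, not anything from the thread. With "no nat-control" the firewall routes between the sub-interfaces without any static or global/nat statements, and the access-list applied with "access-group" is what decides which flows from the lower-security VLAN may reach the higher-security one.

```text
! NAT is not required for traffic crossing interfaces (this is the default;
! stated explicitly here so the intent is visible in the running config).
no nat-control
!
! Physical trunk port: no IP, no nameif; it only carries the tagged VLANs.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One sub-interface per VLAN, each with its own security level (assumed values).
interface GigabitEthernet0/1.10
 vlan 10
 nameif vlan10
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif vlan20
 security-level 20
 ip address 198.51.100.1 255.255.255.0
!
! Low-to-high direction (vlan20 -> vlan10) is denied by the security levels
! until an inbound ACL on the low-security interface permits it. Only the
! flows listed here are allowed; the final deny makes the policy explicit
! and keeps the implicit deny visible in hit counters.
access-list VLAN20_IN extended permit tcp 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 eq 443
access-list VLAN20_IN extended permit udp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 53
access-list VLAN20_IN extended deny ip any any log
access-group VLAN20_IN in interface vlan20
!
! High-to-low direction (vlan10 -> vlan20) is permitted by the security
! levels by default; an inbound ACL on vlan10 can restrict it the same way.
```

Once this is in place, "show nat" should list no translations for these flows and "show access-list VLAN20_IN" shows per-line hit counts, which is the quickest way to confirm that traffic is being routed and filtered rather than blocked for lack of a NAT rule. On ASA 8.3 and later the "nat-control" command no longer exists and NAT is never required for interface-to-interface traffic, so only the interface and access-list parts of this example apply there.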