Answered Question
Jul 31st, 2008

Dear sir,

I have three servers connected to a switch, and from that switch I connected to a firewall. Through this firewall I want these servers to communicate, and I have already configured the firewall. Please guide me if any changes are required.

I am attaching my config.



Correct Answer by Marwan ALshawi about 8 years 7 months ago

If you get it to work, let me know.

Good luck.

Overall Rating: 5 (1 ratings)
Marwan ALshawi Thu, 07/31/2008 - 00:36

Can you describe your requirement in more detail, please?

You want to put each server in a different VLAN and have them communicate through the firewall?

What do you want?

Also, how many VLANs do you have, and how many physical interfaces does your firewall have?

Let me know your requirement in detail so I can help you.

dhanikonda Thu, 07/31/2008 - 00:40

Dear sir,

Thanks for the reply. I have 3 servers connected to a switch, and I want those servers to communicate through the firewall, an ASA 5505.

Please tell me how I can configure the firewall.


Marwan ALshawi Thu, 07/31/2008 - 01:18

What you need to do is:

Create three VLANs on your switch, and don't create any VLAN interface on the switch, to avoid any VLAN routing.

Let's say you created VLANs 10, 20 and 30.

Put each server in a VLAN:

    interface fa0/1
     switchport access vlan 10

The same for each server.

Also reserve a firewall interface for each VLAN, and put the IP addresses of each server and the firewall interface in the same VLAN in the same IP addressing range.

And put each interface in the corresponding VLAN on the switch.

Let's say interface fa0/2 will be connected to the firewall, so put it in VLAN 10.

And the same for each VLAN and server:

    server1--vlan10--switch--vlan10--firewall interface 1

    server2--vlan20--switch--vlan20--firewall interface 2

and so on.

In this case each server will communicate with the firewall interface that is in the same VLAN.

Let's say server 1's IP address is and, as we said, the server is in VLAN 10.

Now let's say the firewall interface that is connected to the switch interface in VLAN 10 is fa0/1.

So give this firewall interface IP address as

Now the default gateway for server 1 will be which is the firewall interface that resides in the same VLAN.

And the same for all servers and their VLANs.

The communication between servers will be through the firewall.

Don't forget: if you give each interface a different security level, make the right ACL to allow communication between them.

The config will be only firewall ACLs, applied in the right direction.

Do it, and if anything stops, let me know.

Good luck.

Please rate if helpful.

Marwan ALshawi Thu, 07/31/2008 - 01:53

For more help:

Let's say this is the firewall interface connected to the switch port that is in VLAN 10:

    interface fa0/1
     nameif inside1
     security-level 55
     no shut
     ip address

server ip address default gateway

Let's say server one in VLAN 20 has IP address

and its default gateway is the IP address of the firewall interface that connects to the switch port in VLAN 20

let's say

So if you want server1 to communicate with server2, make an ACL:

    access-list 100 permit ip host host
    access-group 100 in interface inside1

and so on ...
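Added example, not part of the thread: a small Python model of how an inbound ACL such as access-list 100 interacts with interface security levels for new connections between the three VLANs. The addresses, the interface names inside2 and inside3 and their security levels are constructed assumptions (the thread's own addresses were not preserved); replies to an already permitted connection are handled by the firewall's stateful inspection and are not modelled.

```python
"""Model: is a NEW connection between two servers allowed through the firewall?"""
from ipaddress import ip_address, ip_network

# Constructed values. Only inside1, security-level 55 and ACL 100 come from
# the thread; inside2/inside3, their levels and all addresses are assumptions.
INTERFACES = {
    "inside1": {"level": 55, "net": ip_network("192.168.10.0/24")},  # vlan 10
    "inside2": {"level": 50, "net": ip_network("192.168.20.0/24")},  # vlan 20
    "inside3": {"level": 40, "net": ip_network("192.168.30.0/24")},  # vlan 30
}
SERVER1, SERVER2, SERVER3 = "192.168.10.10", "192.168.20.10", "192.168.30.10"

# access-list 100 permit ip host <server1> host <server2>
# access-group 100 in interface inside1
INBOUND_ACL = {"inside1": [("permit", SERVER1, SERVER2)]}


def iface_of(addr):
    """Return the firewall interface whose subnet (VLAN) contains addr."""
    for name, cfg in INTERFACES.items():
        if ip_address(addr) in cfg["net"]:
            return name
    raise ValueError(f"{addr} is not in any VLAN subnet")


def new_connection_allowed(src, dst, acls=INBOUND_ACL):
    """Decide a new src -> dst connection at the interface it enters."""
    ingress, egress = iface_of(src), iface_of(dst)
    if ingress == egress:
        return True  # same VLAN: switched locally, never reaches the firewall
    if ingress in acls:
        # An inbound ACL replaces the security-level default; first match wins.
        for action, a_src, a_dst in acls[ingress]:
            if (src, dst) == (a_src, a_dst):
                return action == "permit"
        return False  # implicit deny at the end of every ACL
    # No ACL on the ingress interface: only higher -> lower level is allowed.
    return INTERFACES[ingress]["level"] > INTERFACES[egress]["level"]


if __name__ == "__main__":
    for s, d in [(SERVER1, SERVER2), (SERVER1, SERVER3), (SERVER2, SERVER1)]:
        print(f"{s} -> {d}: {new_connection_allowed(s, d)}")
```

Once ACL 100 is bound to inside1, server1 can no longer open connections to server3 even though inside1 has the higher security level, because the ACL's implicit deny now applies to everything entering that interface.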

dhanikonda Thu, 07/31/2008 - 21:13

Dear sir,

Thanks for your great, on-time support; I am very grateful to you.

I tried your config and it's working fine.

Thanks for netforums and the great support from you.



