asa5505vlans

Answered Question
Jul 31st, 2008

Dear sir,


I have three servers connected to a switch, and from that switch I connected to the firewall. Through this firewall I want these servers to communicate, and I have already configured the firewall. Please guide me if any changes are required.

I am attaching my config.


Thanks & Regards

srini



Marwan ALshawi Thu, 07/31/2008 - 00:36

Can you describe your requirement in more detail, please?

You want to put each server in a different VLAN and have them communicate through the firewall?

What do you want?

Also, how many VLANs do you have, and how many physical interfaces do you have on your firewall?

Let me know your requirement in detail so I can help you.



dhanikonda Thu, 07/31/2008 - 00:40

Dear sir,


Thanks for the reply. I have 3 servers connected to a switch, and I want those servers to communicate through the ASA5505 firewall.


Please tell me how I can configure the firewall.


srini

Marwan ALshawi Thu, 07/31/2008 - 00:56

How many internal physical interfaces on your firewall can you use?

dhanikonda Thu, 07/31/2008 - 01:00

Dear sir,


I have 7 Ethernet ports that we can use.


srini

Marwan ALshawi Thu, 07/31/2008 - 01:18

What you need to do is:

Create three VLANs on your switch, and don't create any VLAN interface on the switch, to avoid any VLAN routing.


Let's say you created VLANs 10, 20, 30.

Put each server in a VLAN:


interface fa0/1

switchport access vlan 10


The same for each server.


Also reserve a firewall interface for each VLAN, and put the IP addresses of each server and the firewall interface within the same VLAN in the same IP addressing range.


And put each interface in the corresponding VLAN on the switch.

Let's say interface fa0/2 will be connected to the firewall, so put it in VLAN 10.


And the same for each VLAN and server:


SERVER1--vlan10--switch--vlan10--firewall interface 1


server2--vlan20--switch--vlan20--firewall interface 2


and so on.


In this case each server will communicate with the firewall interface that is in the same VLAN.


Let's say server 1's IP address is 10.1.1.5 and, as we said, the server is in VLAN 10.

Now let's say the firewall interface that is connected to the switch interface in VLAN 10 is fa0/1,

so give this firewall interface the IP address 10.1.1.1.


Now the default gateway for server 1 will be 10.1.1.1, which is the firewall interface that resides in the same VLAN.


And the same for all servers and their VLANs.


The communication between servers will be through the firewall.

Don't forget, if you give each interface a different security level, make the right ACL to allow communication between them.

The config will be only firewall ACLs, applied in the right direction.

Do it, and if anything stops, let me know.


Good luck


Please rate if helpful


Marwan ALshawi Thu, 07/31/2008 - 01:53

For more help:


Let's say this is the firewall interface connected to the switch port that is in VLAN 10:


interface fa0/1

nameif inside1

security-level 55

no shut

ip address 10.1.1.1


Server IP address 10.1.1.5, default gateway 10.1.1.1.


Let's say server one in VLAN 20 has IP address 20.1.1.1,

and its default gateway is the IP address of the firewall interface that connects to the switch port in VLAN 20,

let's say 20.1.1.10.


So if you want server1 to communicate with server2,


make an ACL:

access-list 100 permit ip host 10.1.1.5 host 20.1.1.1


access-group 100 in interface inside1


and so on ...
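
An added example, not part of the thread: a small Python checker that parses ASA-style `access-list` lines and evaluates server-to-server flows with first-match semantics and the implicit deny at the end, to confirm the ACL applied inbound on inside1 permits only the intended pair. The address 30.1.1.1 (a server in VLAN 30) and the host 10.1.1.9 are constructed for the test flows, and the function names are this example's own.

```python
import ipaddress

# The ACL line from the thread (applied inbound on interface inside1).
ACL_TEXT = "access-list 100 permit ip host 10.1.1.5 host 20.1.1.1"


def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'NETWORK MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")  # subnet-mask form


def parse_acl(text, acl_id):
    """Return [(action, src_net, dst_net)] for 'ip' rules of one ACL, in order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", acl_id]:
            continue
        tokens = tokens[2:]
        if tokens and tokens[0] == "extended":
            tokens.pop(0)
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((action, take_addr(tokens), take_addr(tokens)))
    return rules


def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT, "100")
    # 30.1.1.1 (a server in VLAN 30) and 10.1.1.9 are constructed addresses.
    for src, dst in [("10.1.1.5", "20.1.1.1"), ("10.1.1.5", "30.1.1.1"),
                     ("10.1.1.9", "20.1.1.1")]:
        print(f"{src} -> {dst}: {evaluate(rules, src, dst)}")
```

The checker covers only new connections entering the interface the ACL is bound to; replies to a permitted connection are handled by the firewall's stateful inspection, and connections initiated by the other servers are judged by whatever is applied on their own interfaces.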

Correct Answer
Marwan ALshawi Thu, 07/31/2008 - 04:51

If you get it working, let me know.


Good luck

dhanikonda Thu, 07/31/2008 - 21:13

Dear sir,


Thanks for your great, timely support; I am very grateful to you.


I tried your config and it's working fine.


Thanks to the netforums and for the great support from you.


Thanks & Regards

srini

Marwan ALshawi Thu, 07/31/2008 - 21:19

I am so happy it works,

and you're welcome :)
