Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
2
Replies

Bridging MPLS Link between ISR Router and ASA Firewall

Go to solution
exonetinf1nity
Level 1
Level 1

‎09-30-2008 06:26 AM - last edited on ‎03-25-2019 03:20 PM by Community Manager

Greetings, ive been wrestling with this for awhile now.

We have an MPLS link presented on ethernet comming into the premises, the link is configured as a 802.1q trunk with two vlans, one for a link into the MPLS cloud lets call it vlan 10 and one vlan which will provide an internet services for the business lets call it vlan 20. A /28 public address block has been allocated for internet access.

The ethernet link terminates on a Cisco 3825 ISR with a 4 Port ethernet Hwic installed.

What i would like to do is bridge the internet vlan onto the outside interface of an ASA 5510 then back onto the router so that internal users can access both internet resources and the mpls network on a common gateway.

Is this possible with the current hardware setup?

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-01-2008 01:35 AM

Hello Mark,

the MPLS link can be terminated on a L2 trunk with vlan 10 and vlan 20 configured on one of the ports of the 4 FE HWIC.

A second port is an access port for vlan 20 and connects to ASA.

The trick is to use a third vlan : vlan 30 for the second interface of the ASA that will be bridging between vlan 20 and vlan 30 and inspecting traffic

So the third port will be in vlan 30.

At layer 3 you will define only an address for vlan 30 in the internet access network

So I think it should be possible to achieve what you want to do

Hope to help

Giuseppe

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-01-2008 01:35 AM

Hello Mark,

the MPLS link can be terminated on a L2 trunk with vlan 10 and vlan 20 configured on one of the ports of the 4 FE HWIC.

A second port is an access port for vlan 20 and connects to ASA.

The trick is to use a third vlan : vlan 30 for the second interface of the ASA that will be bridging between vlan 20 and vlan 30 and inspecting traffic

So the third port will be in vlan 30.

At layer 3 you will define only an address for vlan 30 in the internet access network

So I think it should be possible to achieve what you want to do

Hope to help

Giuseppe

0 Helpful

Go to solution
exonetinf1nity
Level 1
Level 1
In response to Giuseppe Larosa

‎10-01-2008 04:35 AM

Thank you for the reply Giuseppe it makes perfect sense, i was having somewhat of a mind block. I was working under the premise that the trunk had to be terminated on the routed interface on an ISR and didnt actually think of terminating it on the HWIC.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card