Static Routes with Higher Metric in ASA 5510

Unanswered Question
Jan 8th, 2009

Hi,

I have a situation where a single ASA needs to be connected with 2 core switches. Users will connect to this ASA via VPN & access internal servers.

In the ASA we have inside network routes.

My question is: if I connect this ASA with 2 core switches, how will I define my inside routes?

route inside 10.10.10.0 255.255.255.0 192.168.10.2 (core switch 1)

route inside 10.10.10.0 255.255.255.0 192.168.10.6 100 (core switch 2)

Will it work?

Rgds,

Partha

Parminder Sian Thu, 01/08/2009 - 02:25

Hi Partha,

No, this approach won't work, because how would you connect two switches to one interface of the ASA? It is physically not possible.

Try the following instead: configure the switches for VTP, then create a VLAN, say vlan 2, on the VTP server.

Then create a VLAN interface using the command "interface vlan 2" and give it an IP address, for example in your case 192.168.10.2, considering the inside IP address of the ASA is 192.168.10.1.

Make sure that the port used by the inside interface of the ASA on the switch is in vlan 2.

Now create one more VLAN, for example vlan 10. Create a VLAN interface using the command "interface vlan 10". Give it an IP address in the range of 10.10.10.x.

Connect a few PCs to the switch; whatever port you use, make sure it is part of vlan 10 and has an IP address in the same range, i.e. 10.10.10.x.

Enable IP routing on the switch using the command "ip routing".

On the ASA give the following route:

route inside 10.10.10.0 255.255.255.0 192.168.10.2

Hope this helps.

Regards

Parminder Sian
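
The steps in the reply above, collected into one configuration as an added example (not part of the original post). The VTP domain name, the switch and ASA port numbers, the /24 mask on the 192.168.10.x link and the 10.10.10.1 gateway address are assumptions chosen for illustration.

```cisco
! --- Core switch (Cisco IOS, layer 3 capable) ---
! Assumed values: VTP domain EXAMPLE, Fa0/1 faces the ASA, Fa0/10 faces a PC,
! /24 masks, and 10.10.10.1 as the VLAN 10 gateway address.
vtp domain EXAMPLE
vtp mode server
!
vlan 2
 name ASA-INSIDE
vlan 10
 name USERS
!
! SVI that the ASA uses as next hop
interface Vlan2
 ip address 192.168.10.2 255.255.255.0
 no shutdown
!
! SVI that acts as default gateway for hosts in 10.10.10.x
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! Port cabled to the ASA inside interface must be in vlan 2
interface FastEthernet0/1
 description Link to ASA inside
 switchport mode access
 switchport access vlan 2
!
! Host ports go in vlan 10
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 10
!
! Without this the switch will not route between vlan 2 and vlan 10
ip routing
!
! --- ASA ---
! Assumed: Ethernet0/1 is the inside interface
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
route inside 10.10.10.0 255.255.255.0 192.168.10.2
```

After applying it, `show route` on the ASA should list 10.10.10.0 via 192.168.10.2 on inside, and `show ip route` on the switch should show both VLAN subnets as connected.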

Pravin Phadte Thu, 01/08/2009 - 03:49

Hi acharyr,

Cisco ASA can be connected to the switches depending on the ports of the switch and the model of the ASA. ASA 5505 supports only eth ports so can be connected to an ASA.

I am finding it difficult to understand your scenario.

If you define on the ASA the inside network connected to the core switches, you don't need to define any routes.

All you need to do is configure VLANs on the ASA.

The port connected to the switch may be vlan1 default, which is set for inside.

Hope this helps.
