Static Routes with Higher Metric in ASA 5510

Jan 8th, 2009


I have a situation where a single ASA needs to be connected with 2 core switches. Users will connect to this ASA via VPN and access internal servers.

On the ASA we have inside network routes.

My question is: if I connect this ASA with 2 core switches, how will I define my inside routes?

route inside (core switch 1)

route inside 100 (core switch 2).

Will it work???



Parminder Sian Thu, 01/08/2009 - 02:25

Hi Partha,

No, this approach won't work, because how would you connect two switches to one interface of the ASA? It is physically not possible.

Try the following instead: configure the switches for VTP, then create a VLAN, say VLAN 2, on the VTP server.

Then create a VLAN interface using the command "interface vlan 2" and give it an IP address, for example in your case considering the inside IP address of the ASA is

Make sure that the port used by the inside interface of the ASA on the switch is in VLAN 2.

Now create one more VLAN, for example VLAN 10. Create a VLAN interface using the command "interface vlan 10". Give it an IP address in the range of 10.10.10.x.

Connect a few PCs to the switch; whatever port you use, make sure it is part of VLAN 10 and in the same IP address range, i.e. 10.10.10.x.

Enable IP routing on the switch using the command "ip routing".

On the ASA, give the following route:

route inside

Hope this helps.


Parminder Sian

acharyr123 Thu, 01/08/2009 - 02:31


What happens if I connect 2 ports to 2 different switches?

Pravin Phadte Thu, 01/08/2009 - 03:49

Hi acharyr,

Cisco ASA can be connected to the switches depending on the ports of the switch and the model of the ASA. ASA 5505 supports only eth ports so can be connected to an ASA.

I am finding it difficult to understand your scenario.

If you define on the ASA the inside network connected to the core switches, you don't need to define any routes.

All you need to do is configure VLANs on the ASA.

The port connected to the switch may be VLAN 1 by default, which is set for inside.

Hope this helps.

