Design for ASA and Cat4510e integration for VLANs

Unanswered Question
Jan 12th, 2009
User Badges:

I currently have a Catalyst 4510e doing intervlan routing between multiple Vlans. I want to install an ASA 5540 into the mix which will have a DMZ and another firewalled PCI segment, that is protected by the ASA. Is there a Cisco article that describes designing maybe a dot1q trunk between the ASA and the 4500 so that I can keep using the 4500 as my core router but use the ASA for routing DMZ and PCI VLAN traffic? What I am looking to do is somehow continue managing vlans via the 4500 but having some of those vlans firewalled and routed by the ASA's. Hope this makes sense.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Mon, 01/12/2009 - 12:08
User Badges:
  • Purple, 4500 points or more

In your 4506's you would create new firewall VLAN's, but not configure any SVI's (layer 3 interfaces). The default gateway will be the ASA.


Hope that helps.


Check Jon's post for the interface config.

Jon Marshall Mon, 01/12/2009 - 12:09
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joshua


Yes this is perfectly possible. Attached is a link to creating vlan subinterfaces on the ASA -


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006


You then need to configure the port on the 4510e that the ASA interface connects into as a 802.1q trunk.


Jon

Actions

This Discussion