Design for ASA and Cat4510e integration for VLANs

Joshua Engels
Level 1

I currently have a Catalyst 4510e doing inter-VLAN routing between multiple VLANs. I want to install an ASA 5540 into the mix which will have a DMZ and another firewalled PCI segment that is protected by the ASA. Is there a Cisco article that describes designing maybe a dot1q trunk between the ASA and the 4500 so that I can keep using the 4500 as my core router but use the ASA for routing DMZ and PCI VLAN traffic? What I am looking to do is somehow continue managing VLANs via the 4500 but have some of those VLANs firewalled and routed by the ASAs. Hope this makes sense.

2 Replies

Collin Clark
VIP Alumni

In your 4506s you would create new firewall VLANs, but not configure any SVIs (layer 3 interfaces). The default gateway will be the ASA.

Hope that helps.

Check Jon's post for the interface config.

Jon Marshall
Hall of Fame

Joshua

Yes, this is perfectly possible. Attached is a link to creating VLAN subinterfaces on the ASA -

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006

You then need to configure the port on the 4510e that the ASA interface connects into as an 802.1q trunk.

Jon
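The design described in the two replies, sketched as configuration. This is an added example, not part of either reply or of Cisco's guide; the VLAN IDs, interface names, security levels and addresses (documentation ranges) are constructed assumptions.

```cisco
! ===== Catalyst 4510e (IOS): layer 2 only for the firewalled VLANs =====
! Constructed values: VLAN 100 = DMZ, VLAN 200 = PCI, Gi1/1 faces the ASA.
vlan 100
 name DMZ
vlan 200
 name PCI
!
! No "interface Vlan100" / "interface Vlan200" is created on the switch.
! An SVI in either VLAN would give hosts a routed path that bypasses the ASA.
!
interface GigabitEthernet1/1
 description Trunk to ASA Gi0/1
 ! Encapsulation command is only needed where the port also supports ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the firewalled VLANs, not every VLAN the core knows about
 switchport trunk allowed vlan 100,200
 ! The ASA does not speak DTP, so turn negotiation off
 switchport nonegotiate
!
! ===== ASA 5540: one subinterface per firewalled VLAN =====
! Physical interface stays unnamed so untagged frames are not passed.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.100
 vlan 100
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1.200
 vlan 200
 nameif pci
 security-level 70
 ip address 198.51.100.1 255.255.255.0
!
! Hosts in VLAN 100 use 192.0.2.1 as default gateway, hosts in VLAN 200
! use 198.51.100.1, so all traffic leaving either segment crosses the ASA.
```

The 4510e keeps its existing SVIs for the other VLANs; reaching the DMZ and PCI subnets from those VLANs additionally needs a routed path between the 4510e and another ASA interface, which the thread does not cover.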
