Despite reading some related topics, I was not able to find a solution for my issue.
I would like to set up the following design:
| outside (security level 0)
Firewall ----------- > NAT for internal networks and a route back to the L3 switch.
| inside (security level 100)
Layer 3 switch various VLAN SVI's
Cisco NAC Inband virtual gateway
Layer 2 switch
I have created SVIs on the Layer 3 switch for 15 VLANs (172.16.10.0, 172.16.20.0, 172.16.30.0, 172.16.40.0, etc.). I set up the 192.168.100.0/30 network for the link between the Layer 3 switch and the ASA. I do not want to do inter-VLAN routing on the ASA. My issue is:
I want to keep inter-VLAN routing on the L3 switch and still allow users to have internet access.
Will this setup on the ASA allow me to have access to the internet?
nat (inside) 1 172.16.10.0 255.255.255.0
nat (inside) 2 172.16.20.0 255.255.255.0
nat (inside) 3 172.16.30.0 255.255.255.0
global (outside) 1 interface
route inside 172.16.10.0 255.255.255.0 192.168.100.2
route inside 172.16.20.0 255.255.255.0 192.168.100.2
route inside 172.16.30.0 255.255.255.0 192.168.100.2
with 192.168.100.2 being the routed port of the L3 switch.
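As an added example (editor's configuration, not the original poster's), here is how the ASA side of this design is normally written so that every internal VLAN is translated and routed, on both the pre-8.3 nat/global syntax used above and the 8.3+ object-NAT syntax. It assumes the ASA's inside interface is 192.168.100.1, that all 15 VLAN subnets fall inside 172.16.0.0/16 so a single summary route and NAT statement cover them, and that the L3 switch has a default route pointing at 192.168.100.1; change the summary if your VLANs are not all within 172.16.0.0/16.

```cisco
! ---- Pre-8.3 ASA (nat/global) ----
! Point-to-point link to the L3 switch (assumed address .1 on the ASA, .2 on the switch)
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.252
!
! One summary route for all VLAN SVIs; the L3 switch does the inter-VLAN routing.
! Assumes every VLAN is inside 172.16.0.0/16.
route inside 172.16.0.0 255.255.0.0 192.168.100.2 1
!
! A nat statement is only used if a global statement with the SAME ID exists.
! In the original post only "global (outside) 1" exists, so nat IDs 2 and 3
! would have no translation. Use one ID for all internal networks:
nat (inside) 1 172.16.0.0 255.255.0.0
global (outside) 1 interface
!
! Higher-to-lower security traffic (inside -> outside) is permitted by default,
! so no inbound ACL on "inside" is needed for internet access.

! ---- 8.3 and later (object NAT) equivalent ----
object network INSIDE-NETS
 subnet 172.16.0.0 255.255.0.0
 nat (inside,outside) dynamic interface
!
route inside 172.16.0.0 255.255.0.0 192.168.100.2 1
```

On the L3 switch the matching pieces are `ip routing`, a routed port carrying 192.168.100.2/30 toward the ASA, and `ip route 0.0.0.0 0.0.0.0 192.168.100.1`. After applying this, `show xlate` (pre-8.3) or `show nat` (8.3+) on the ASA should show translations for hosts in the 172.16.x.0 VLANs, and `show route` should list the 172.16.0.0/16 summary via 192.168.100.2.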