×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA 5505 with Catalyst 3750

Unanswered Question
Oct 8th, 2010
User Badges:

I need some assistance with placing an ASA5505 on our existing network.  This ASA5505 is going to be used to connect to a software vendor.  The outside interface of the ASA I have setup to connect to the provider which will connect to the software vendor.  I need to then connect the ASA 5505 to our network, in this case a Catalyst 3750.  We would like to manage this device on a particular existing vlan.


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fasteddye Fri, 10/08/2010 - 12:12
User Badges:

Thanks for the link.


I have setup the vlan on the ASA5505 and set the switchport vlan on the port as below.


Vlan ABC

nameif inside

security-level 100

ip address 10.x.x.x 255.255.255.0

no shut


Inteface Ethernet 0/2

switchport access vlan ABC

no shut


Now on the catalyst 3750, should the port be setup as "switchport access vlan ABC"?


Then we should be able to ASDM to the 10.x.x.x that was assigned?


Thanks.

fasteddye Fri, 10/08/2010 - 13:01
User Badges:

When I attempt to asdm to this 5505, I see the following log message.


Routing failed to locate next hop for TCP from inside:10.10.190.x/443 to inside:10.10.12.x/51386


The 10.10.190.x is the management ip of asa 5505 and the 10.10.12.x is my ip address.


Thanks.

estelamathew Fri, 10/08/2010 - 13:02
User Badges:

Hello,


Now on the catalyst 3750, should the port be setup as "switchport  access vlan ABC"?

YES


Please create SVI on 3750 with same subnet IP of firewall inside interface.


HTH


Estela

estelamathew Fri, 10/08/2010 - 13:18
User Badges:

Hello,


ON 3750 same vlan for the ASA side and same vlan on other side where it is connecting to core,Both the ports should be in same vlan. U can try to ping from core whether the ASA inside interface is reacheable or not.


HTH,


Thanks

fasteddye Fri, 10/08/2010 - 13:21
User Badges:

i added static route statement for all traffic to use the gateway address of vlan 190.


i can now asdm and ssh to the asa.

estelamathew Fri, 10/08/2010 - 13:24
User Badges:

Hello ,


Internet Addresses are not known so u should add a Static defult route pointing to ASA inside interface on core.


Pls do rate post if it helps


THANKS

Actions

This Discussion