Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
0
Helpful
3
Replies

VLAN Routing Through Cisco ASA

gsnyder0111
Level 1
Level 1

‎04-24-2015 02:55 PM - edited ‎03-07-2019 11:43 PM

We are setting up a new network using a Cisco 2960-X switch through a Cisco ASA 5525 to get to the Internet.  The Cisco 2960-X is set up with  VLANS and the interface with subinterfaces have been created on the Cisco ASA.  As far as we can tell we are set up correctly on the switch side.  We can connect (ping) Cisco ASA interface and subinterface IP addresses from the switch and we can connect (ping) the subinterface IP on the Cisco ASA from a workstation (subinterface for the VLAN only).

We are unable to connect to the default gateway (external connection), or any other port on the Cisco ASA from the new network.  We suspect we need to set up static NATing but having difficulty figuring out what NAT rules we need to create.  Our ASA is running version 9.1 and most of the information we have found on-line is for older versions as the NAT commands have changed considerably.

This diagram show approx. how we are set up.

What do we need to do to establish Internet connectivity from a VLAN through the Cisco ASA?

Labels:
0 Helpful
3 Replies 3

ArchiTech89
Level 1
Level 1

‎04-24-2015 05:39 PM

I'm going to hazard a response -- if I'm off, please let me down gently...

I'm thinking you don't need to create the subinterfaces on the ASA like you do on a regular router. I would say uplink with a trunk from the switch with all 3 VLANs, and then create an SVI for each of the VLANs on the ASA (I'm not sure that's possible because I'm not familiar with the 5525 hardware). But I'm assuming that the ASA can trunk. If that works, I'm thinking you would assign all 3 VLANs to the inside interface.

Does that sound possible?

 

ArchiTech89
CCNA Routing & Switching, CCNA Security
MCITP, MCTS
Berlin, Germany
0 Helpful

gsnyder0111
Level 1
Level 1
In response to ArchiTech89

‎04-27-2015 06:05 AM

Jeremy,

Thanks for your response.  The ASA does support trunking, but only through subinterfaces.

Gene

0 Helpful

ArchiTech89
Level 1
Level 1
In response to gsnyder0111

‎05-04-2015 07:43 AM

OK. Well, like I said, I don't know that particular platform.

I've configured ASA 5505s for smaller networks where, for example, port 0 would be the outside interface, and then port 5 would connect on the inside to an ISR (with a built-in switch). The router (a router-on-a-stick setup) would then have several switchports all trunked to layer 2 switches. Then I use switch virtual interfaces for each of the VLANs on the ISR (kind of a poor man's distribution layer) and configure the default gateway on the clients to be the SVI of that VLAN/subnet. And it seems to work fine. But my platform/networks is/are not nearly as robust as yours, so...

Good luck, though! I thought I'd keep this in the top of the unanswered list by responding so others with more experience might take a look.

Cheers!

 

ArchiTech89
CCNA Routing & Switching, CCNA Security
MCITP, MCTS
Berlin, Germany
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card