New Member

Interface Configuration for ACE

We will put a new ACE 4710 appliance in our production environment. It will sit behind the firewall (ASA 5580) in routed mode. Two VLANs will be created for it: VLAN 10 (1.1.1.0/24) for the VIP and VLAN 20 (1.1.2.0/24) for the real servers. Assume both the ASA port and the ACE port are connected to one switch, on ports such as G1/0/1 and G1/0/2. My question is how to configure the two ports. Are both of them set up as trunk ports allowing only VLANs 10 and 20?

If they are, how do I set up the ASA and ACE ends? I am not sure whether the following configurations will work.

ASA:

interface GigabitEthernet0/3
speed 1000
duplex full
nameif LB-VIP
security-level 50
ip address 1.1.1.1 255.255.255.0

Switch: G1/0/1

switch mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed 10,20

ACE:

interface G1/1
switch trunk allowed 10,20
interface vlan 10
ip address 1.1.1.4 255.255.255.0
interface vlan 20
ip address 1.1.2.1 255.255.255.0

Switch: G1/0/2

switch mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed 10,20

Please let me know your thoughts. Thanks a lot!

1 ACCEPTED SOLUTION

Cisco Employee

Re: Interface Configuration for ACE

Given a topology of

asa---vlan10-------ace------vlan20------server

You would not be configuring VLAN 20 on the port for the ASA.

Your ACE config looks correct.

The servers should point to 1.1.2.1 as their default gateway, and on the ACE you should be routing to the ASA as the default gateway with

ip route 0.0.0.0 0.0.0.0 1.1.1.1

New Member

Re: Interface Configuration for ACE

Thanks for your quick response.

Like you mentioned, I will configure the switch port connected to the ASA as an access port with VLAN 10, right?

VLAN 20 traffic will be reached through the routing table.
