We have an issue with our current ASA 5505 setup and I hope someone can help. Here is the setup:
ISP Handoff -> L2 Switch -> VLAN 1 of ASA
                         -> VLAN 2 of ASA
The ISP handoff is a single Ethernet cable, but the ISP router is acting as the gateway for 2x separate public address spaces. The ISP cable plugs into an L2 switch. The two VLANs of the ASA are then plugged into the same switch, one VLAN configured for public space 1 and the other for public space 2. Now the issue is that when the firewall ARPs for the gateways, VLAN 2's gateway shows up on VLAN 1 and VLAN 2, which obviously causes issues.
From your description of the symptoms I would guess that the layer 2 switch has both ASA ports in the same VLAN (which leads me to wonder if the layer 2 switch is doing any VLANs or are all ports in the native VLAN?). Can you provide details of how the layer 2 switch is configured?
It also would help to know how the ISP is set up. You tell us that it is an Ethernet handoff. But you do not tell us whether the ISP is handling that as a trunk with multiple VLANs or whether the ISP is treating it as an access port with a single VLAN. Can you clarify this?
Knowing how the ISP is set up and how the layer 2 switch is configured will be critical in finding a solution that works for your ASA.