Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5505 with Catalyst 3750

I need some assistance with placing an ASA5505 on our existing network.  This ASA5505 is going to be used to connect to a software vendor.  The outside interface of the ASA I have setup to connect to the provider which will connect to the software vendor.  I need to then connect the ASA 5505 to our network, in this case a Catalyst 3750.  We would like to manage this device on a particular existing vlan.

Thanks.

8 REPLIES
Cisco Employee

Re: ASA 5505 with Catalyst 3750

Here is where to start http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html by configuring interfaces and subinterfaces (vlan).

I hope it helps.

PK

Community Member

Re: ASA 5505 with Catalyst 3750

Thanks for the link.

I have setup the vlan on the ASA5505 and set the switchport vlan on the port as below.

Vlan ABC

nameif inside

security-level 100

ip address 10.x.x.x 255.255.255.0

no shut

Inteface Ethernet 0/2

switchport access vlan ABC

no shut

Now on the catalyst 3750, should the port be setup as "switchport access vlan ABC"?

Then we should be able to ASDM to the 10.x.x.x that was assigned?

Thanks.

Community Member

Re: ASA 5505 with Catalyst 3750

When I attempt to asdm to this 5505, I see the following log message.

Routing failed to locate next hop for TCP from inside:10.10.190.x/443 to inside:10.10.12.x/51386

The 10.10.190.x is the management ip of asa 5505 and the 10.10.12.x is my ip address.

Thanks.

Community Member

Re: ASA 5505 with Catalyst 3750

Hello,

Now on the catalyst 3750, should the port be setup as "switchport  access vlan ABC"?

YES

Please create SVI on 3750 with same subnet IP of firewall inside interface.

HTH

Estela

Community Member

Re: ASA 5505 with Catalyst 3750

the svi for this vlan is on our core.

Community Member

Re: ASA 5505 with Catalyst 3750

Hello,

ON 3750 same vlan for the ASA side and same vlan on other side where it is connecting to core,Both the ports should be in same vlan. U can try to ping from core whether the ASA inside interface is reacheable or not.

HTH,

Thanks

Community Member

Re: ASA 5505 with Catalyst 3750

i added static route statement for all traffic to use the gateway address of vlan 190.

i can now asdm and ssh to the asa.

Community Member

Re: ASA 5505 with Catalyst 3750

Hello ,

Internet Addresses are not known so u should add a Static defult route pointing to ASA inside interface on core.

Pls do rate post if it helps

THANKS

420
Views
0
Helpful
8
Replies
CreatePlease to create content