I am attempting to migrate from 515s to 5520s. Due to the ASA having fewer eth interfaces than the PIX, I am trying to bring two DMZs (both on 2950 switches) in to a switch (also a 2950, which I'll call the "bridge") on separate VLANs, then bring them into the ASA through subinterfaces.
The problem I have is that the bridge 2950 can see the DMZ 2950's, and can see the physical interfaces on the ASA, but the real traffic is not passing from the bridge 2950 to the ASA.
If I understand correctly, the 2950 cannot do multiple VLANs with assigned addresses, but it should be able to handle them as currently configured, which is with an address assigned only to vlan1.
I have the switchports set up as trunks, with the appropriate VLANs assigned. I don't see an available command on the ASA's interface for encapsulation, and based on research, I'm assuming it defaults to dot1q.
So right now I'm not sure if this is a VLAN configuration issue, hardware limitation issue, encapsulation issue or something else entirely.
I've been looking at this a while, and may be missing something simple. Any help would be appreciated.
Yes, the ASA only supports dot1q trunking... Make sure you have a dot1q trunk running between the ASA and the 2950. At that point, you can enter subinterface config mode on the ASA (conf term -> int eth0/1.19, for example), make sure you bind a VLAN to the subinterface (type the command "vlan 19" to stick with the last example), give it a name (nameif vlan19), assign an IP address and it should work. Make sure the parent interface (if it's eth0/1.19, the parent would be eth0/1) is up (no shut).
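
The setup described in the answer above, written out for both ends of the trunk, as an added example that is not part of the original thread. VLAN 20, the port numbers, VLAN names, security levels and IP addresses are constructed placeholders; only VLAN 19, eth0/1.19 and the name vlan19 come from the answer.

```cisco
! ---- Bridge 2950 (port number is a constructed placeholder) ----
! Both VLANs must exist on the bridge switch, or tagged frames for them are not forwarded.
vlan 19
 name DMZ1
vlan 20
 name DMZ2
!
! Uplink to the ASA. The 2950 trunks with 802.1Q only, so there is no encapsulation command.
interface FastEthernet0/24
 description trunk to ASA Ethernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 19,20
!
! ---- ASA 5520 ----
! Parent interface: up, but with no nameif or address, so untagged frames are dropped.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per DMZ, each bound to its VLAN ID (addresses are constructed).
interface Ethernet0/1.19
 vlan 19
 nameif vlan19
 security-level 50
 ip address 192.168.19.1 255.255.255.0
!
interface Ethernet0/1.20
 vlan 20
 nameif vlan20
 security-level 40
 ip address 192.168.20.1 255.255.255.0
!
! ---- Checks ----
! 2950: show interfaces trunk     (VLANs 19 and 20 allowed and active on the uplink)
! 2950: show vlan brief           (both VLANs present on the bridge switch)
! ASA:  show interface ip brief   (parent and both subinterfaces up/up)
```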