New Member

ASA VLAN 1 connection to different VLAN

Hi all,

I will be setting up a LAN (PCs and Laptops) at a customer's site. The customer offered to provide me with connections on their core switch on a separate VLAN. I will set up a Cisco ASA5505 on the edge connected to a router. So, here is the topology:

     PC to Customer's Core Switch (VLAN125)

     ASA int E0/1 VLAN1 to Customer's Core Switch (VLAN125)

I would like to know if this configuration would work. Also, can I ping from the PC to the global int (E0/0 VLAN2) and LAN int of the router which has a public IP address?

Thanks,

sK

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA VLAN 1 connection to different VLAN

Sadik,

The topology isn't clear. Please clarify.

Which is E0/0 vlan2?

PC--vlan125--switch---vlan1--ASA-vlan2--Router--internet

You are asking if you can ping from the PC to the ASA's vlan2 interface? If so the answer is NO.

But you can ping from the PC to the Router's vlan2 interface.

The reason is you can only ping the closest interface to your client. You cannot ping the far side interface of the firewall.

-KS

6 REPLIES
New Member

Re: ASA VLAN 1 connection to different VLAN

Sorry if I wasn't clear.

Here is the clarification:

PC plugged into VLAN125 of customer's Switch

Inside Interface E0/1 (VLAN1) on the ASA plugged into the VLAN125 of customer's switch

Global Interface E0/0(VLAN2) on the ASA plugged into the router (FA0/0)

Router S0/0 connects to Internet

So, the question is if I ping the ASA Inside interface from the PC, would this work? And also, let's say PC IP is 172.16.2.100 and Inside ASA int E0/1 VLAN1 IP is 172.16.2.1.

Thanks in advance,

sK

Cisco Employee

Re: ASA VLAN 1 connection to different VLAN

As long as the switch can route between vlan125 and vlan1 you should be able to ping from the pc to vlan 1(inside).

The ASA will not let you ping vlan2 though from the pc.

I hope it helps.

PK

New Member

Re: ASA VLAN 1 connection to different VLAN

Thanks for the reply.

I am not sure if the customer would enable that; however, as a solution, should I create a matching VLAN, VLAN125, on the inside ASA interface so routing wouldn't be required?

Thanks in advance,

sK

Hall of Fame Super Blue

Re: ASA VLAN 1 connection to different VLAN

sK

It's not clear what you mean when you say "Inside interface E0/1 (VLAN1) on ASA plugged into vlan 125 of customer switch"

If the interface is connected to a port on the switch that is configured to be in vlan 125 then the ASA interface is not in vlan 1 at all but vlan 125.

So as long as the PC and the ASA connect to ports configured as vlan 125 and the PC and ASA have an IP address from the same subnet then you will not need routing.

Jon
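
The setup Jon describes, as an added configuration sketch that is not part of the original thread. The switch port number, the /24 mask and the ICMP rules are assumptions; the addresses 172.16.2.1 and 172.16.2.100 come from the question.

```text
! --- Customer core switch (Cisco IOS); Gi0/10 is an assumed example port ---
interface GigabitEthernet0/10
 description Uplink to ASA 5505 E0/1
 switchport mode access
 switchport access vlan 125
!
! --- ASA 5505 ---
! E0/1 stays in the ASA's internal VLAN 1. Frames on an access port are
! untagged, so the ASA-local VLAN ID does not have to match 125.
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ! Same subnet as the PC (172.16.2.100); the /24 mask is an assumption
 ip address 172.16.2.1 255.255.255.0
!
! Restrict who may ping the inside interface itself (assumed policy)
icmp permit 172.16.2.0 255.255.255.0 inside
!
! Let echo replies from hosts beyond the ASA return to the PC
policy-map global_policy
 class inspection_default
  inspect icmp
```

With this in place the PC and the ASA inside interface share one broadcast domain, so `ping 172.16.2.1` from the PC needs no routing on the customer switch.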

New Member

Re: ASA VLAN 1 connection to different VLAN

Thanks to all for your assistance.

SK
