Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA VLANs design

Dear All,

i will be thankful if u can answer this designing question.

I have cisco 4506 connected to ASA 5520 with GE port .

Now i have different servers connected to the 4506 switch .Now i want to put different servers in different zones.

Is it possible with a sigle GE port?

I heard that ASA works differently than PIX where u require a separate interface to put servers in a zone .

in ASA can u do it with VLANs???

Can somebody clarify this????

regards

Nouman Khan

4 REPLIES
New Member

Re: ASA VLANs design

The short answer is yes. The ASA has multiple modes of operation including a security context mode similar to the 6500 Firewall Service Module. In order to use these security contexts and allow multiple VLANs to terminate on an interface you will have to have the appropriate license for your ASA. You will need to talk to your Cisco SE or VAR for your pricing. Cisco's documentation for the ASA outlines this mode very well including multiple diagrams for different uses. The Cisco Press book that came out late last year for the ASA is also pretty useful but does not have all the newest CLI or ASDM commands and features that are found in 7.2(2). I hope this helps.

New Member

Re: ASA VLANs design

great answer thanks

i know about security context.that was also available with PIX

Considering my scenario without security context licenses how should i configure my ASA so that different servers connected to the 4506 get diff security levels

Can i map ports of 4506 to different vlans and than assign diff security level.

i am new to security that is why asking such questions.sorry

regards

Nouman khan

New Member

Re: ASA VLANs design

I hate to give you a pat answer on this part of your question...but the provided documentation will do you alot more good and allow you to customize your ASA to fit the roles you need. This link:

http://www.ciscopress.com/articles/article.asp?p=426641&seqNum=1&rl=1

has portions of the Cisco Press Book on the ASA available online. If you are just starting out with PIX and ASA's then this is a great book to pick up as a quick reference.

That link also diagrams using security contexts both in share and dedicated interface modes as well as outlines the requirements for single vs. multiple contexts.

This document should give you the nitty-gritty details you need to define your switch VLANs as well as your ASA VLANs;

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/general/int5505.pdf

Again sorry to just point you at docs but there are about a million ways to deploy the ASA and diving into the docs will help you zero in on your requirements and the process to reach your goals. If you have more specific questions let me know.

Green

Re: ASA VLANs design

I think we need to add that you do not need a security plus license (security contexts) to create subinterfaces (vlans) on an asa. Check "show ver" for Maximum Vlans.

168
Views
0
Helpful
4
Replies
CreatePlease login to create content