Community Member

asa5505vlans

Dear sir,

I have three servers connected to a switch, and that switch is connected to the firewall. I want these servers to communicate through this firewall, and I have already configured the firewall. Please guide me if any changes are required.

I am attaching my config.

Thanks & Regards

srini

1 ACCEPTED SOLUTION

Accepted Solutions

Re: asa5505vlans

If you get it working, let me know.

Good luck.

9 REPLIES

Re: asa5505vlans

Can you describe your requirement in more detail, please?

Do you want to put each server in a different VLAN and have them communicate through the firewall?

What do you want?

Also, how many VLANs do you have, and how many physical interfaces do you have on your firewall?

Let me know your requirement in detail so I can help you.

Community Member

Re: asa5505vlans

Dear sir,

Thanks for the reply. I have 3 servers connected to a switch, and I want those servers to communicate through the ASA5505 firewall.

Please tell me how I can configure the firewall.

srini

Re: asa5505vlans

How many internal physical interfaces on your firewall can you use?

Community Member

Re: asa5505vlans

Dear sir,

I have 7 Ethernet ports that we can use.

srini

Re: asa5505vlans

What you need to do is:

Create three VLANs on your switch, and don't create any VLAN interface on the switch, to avoid any VLAN routing.

Let's say you created VLANs 10, 20 and 30.

Put each server in a VLAN:

interface fa0/1

switchport access vlan 10

The same for each server.

Also reserve a firewall interface for each VLAN, and make the IP addressing of each server and the firewall interface within the same VLAN in the same IP addressing range.

And put each interface in the corresponding VLAN on the switch.

Let's say interface fa0/2 will be connected to the firewall, so put it in VLAN 10.

And the same for each VLAN and server.

SERVER1--vlan10--switch--vlan10--firewall interface 1

server2--vlan20--switch--vlan20--firewall interface 2

and so on.

In this case each server will communicate with the firewall interface that is on the same VLAN.

Let's say server 1's IP address is 10.1.1.5 and, as we said, the server is in VLAN 10.

Now let's say the firewall interface that is connected to the switch interface in VLAN 10 is fa0/1,

so give this firewall interface the IP address 10.1.1.1.

Now the default gateway for server 1 will be 10.1.1.1, which is the firewall interface that resides in the same VLAN.

And the same for all servers and their VLANs.

The communication between servers will be through the firewall.

Don't forget: if you give each interface a different security level, make the right ACL to allow communication between them.

The config will be only firewall ACLs, applied in the right direction.

Do it, and if anything stops working let me know.

Good luck.

Please rate if helpful.

Re: asa5505vlans

For more help:

Let's say this is the firewall interface connected to the switch port that is in VLAN 10:

interface fa0/1

nameif inside1

security-level 55

no shut

ip address 10.1.1.1

Server IP address 10.1.1.5, default gateway 10.1.1.1.

Let's say server one in VLAN 20 has IP address 20.1.1.1,

and its default gateway is the IP address of the firewall interface that connects to the switch port in VLAN 20,

let's say 20.1.1.10.

So if you want server1 to communicate with server2,

make an ACL:

access-list 100 permit ip host 10.1.1.5 host 20.1.1.1

access-group 100 in interface inside1

and so on ...
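
An added illustration, not part of the original thread and not Cisco code: a small Python model of how the firewall treats a new connection between two of these interfaces, using the ACL and `access-group` lines from the reply above. It shows that once an ACL is bound inbound, its implicit deny blocks every flow not listed, and that an interface with no ACL only passes traffic from a higher to a lower security level. The second interface name `inside2`, its security level 50 and the host 20.1.1.2 are assumptions made for the example.

```python
import re

# inside1 / level 55 come from the thread; inside2 and its level are assumed.
INTERFACES = {"inside1": 55, "inside2": 50}

# ACL and binding exactly as posted in the thread.
CONFIG = """\
access-list 100 permit ip host 10.1.1.5 host 20.1.1.1
access-group 100 in interface inside1
"""

ACE = re.compile(r"access-list (\S+) (?:extended )?(permit|deny) ip "
                 r"(host \S+|any) (host \S+|any)$")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")


def parse(config):
    """Return ({acl: [(action, src, dst), ...]}, {interface: acl})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            name, action, src, dst = m.groups()
            acls.setdefault(name, []).append(
                (action, src.split()[-1], dst.split()[-1]))
        elif m := GROUP.match(line):
            bindings[m.group(2)] = m.group(1)
    return acls, bindings


def decide(config, in_if, out_if, src, dst):
    """Verdict for a NEW connection entering in_if and leaving out_if."""
    acls, bindings = parse(config)
    if in_if in bindings:
        # First matching entry wins; nothing matching means implicit deny.
        for action, a_src, a_dst in acls.get(bindings[in_if], []):
            if a_src in ("any", src) and a_dst in ("any", dst):
                return f"{action} (ACL {bindings[in_if]})"
        return "deny (implicit deny at end of ACL)"
    # No inbound ACL: only higher -> lower security level passes by default.
    if INTERFACES[in_if] > INTERFACES[out_if]:
        return "permit (higher to lower security level)"
    return "deny (no ACL, not higher to lower)"


if __name__ == "__main__":
    for flow in [("inside1", "inside2", "10.1.1.5", "20.1.1.1"),
                 ("inside1", "inside2", "10.1.1.5", "20.1.1.2"),  # constructed
                 ("inside2", "inside1", "20.1.1.1", "10.1.1.5")]:
        print(flow, "->", decide(CONFIG, *flow))
```

The model covers only connection setup; replies on a connection the firewall has already allowed are handled by its state table and are not re-checked against the ACL.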

Re: asa5505vlans

If you get it working, let me know.

Good luck.

Community Member

Re: asa5505vlans

Dear sir,

Thanks for your great, on-time support; I am very grateful to you.

I tried your config and it's working fine.

Thanks for the netforums and the great support from you.

Thanks & Regards

srini

Re: asa5505vlans

I am so happy it works,

and you're welcome :)
