1) sure you can trunk between HP switch and ASA appliance as long HP switch supports 802.1q standard I m sure it does, simply configure L2 vlans in the switch and associate vlans with ASA subinterfaces which will be required for dot1q trunking. Depending on which ASA5500 model you will used will depend on how many vlans can the ASA support.
You can see this information in Virtual interfaces (VLANs) in this link
2) Absolutely, you can implement ASA failover through a single switch but be aware this is a single point of failure ( the switch ), you can use two switches down the road and connect switch1 to ASA1 and switch2 to ASA2 as well as configure a trunk between the switches.
Also be aware of what type of Failover support on ASA you will required, ALL ASA models support regular failover and statefull failover, exept ASA5505 does not support stateful failover.
If you need info on statefull see this link for details.
Still some confusion!!!! I have make one V-lan (Vlan 100 Test) on FW and assigned IP 192.168.12.1 and same V-lan has created on the L2 Switch. The same V-lan SVI is connected with FW Test V-lan Interface. The Switch IP is 192.168.12.2 and which I can access when I connect switch default V-lan Interface after switching the FW connected cable from Test Vlan SVI to Def V-Lan Interface. Now qusetion is, why I am not able to access the swicth from my 12.1 Network even its connected on the same V-lan. Please suggest
Im not sure I clearly understand , could PLS post sanatize ASA configuration to understand the flow.
Assuming you have created all L2 vlans in switch as well as respective logical sibinterfaces in asa , trunking in switch etc.. , in ASA to communicate between interfaces you need NAT functionality, as well as access control list depending on security levels you have assigned.
Hi Jorge, I am very much understandable of provided your point's and am ready to go with that. As I have already cleared that we have HP L2 Switch which we will use it. Now what scenario I have drawn it, following mention:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :