I have an ASA 5520 and a 3750 stack (connected through a subinterface 802.1q trunk).
I need to manage the 3750, but I am turning off IP routing.
I have about 10 VLANs on the switches, and they are trunked 802.1q to my ASA.
I have been allotted 10.233.8.8/30 for management from my team.
How do I set this up? Do I use the management console or put the management traffic on the trunked interface (i.e. subinterface)?
Do I connect the ASA to the switch through the management interface or just through the trunked interface? My manager wanted me to use a management VLAN, if that helps.
Put the 3750 into a vlan that is trunked to the ASA and for which the ASA has a subinterface. Ideally this vlan should be used only for managing the switches - let's say you use vlan 2. Then on the 3750:
no ip routing
int vlan 2
ip address 192.168.5.2 255.255.255.0
ip default-gateway 192.168.5.1 <--- where 192.168.5.1 is the subinterface address on the ASA.
If you have ip routing disabled you can have the ASA translate all the management sources going to your router management ip address to the ASA's subinterface. That way you don't need the gateway as the router will be able to respond to a locally connected ip address in response to the management traffic.
You probably don't want the gateway, especially if you turn off ip routing.
Thanks Jon, but I have other VLANs on this switch stack, so do I need the gateway address?
I don't want all my traffic going to the management subinterface, do I?
If you want to access the 3750 from a subnet other than the management vlan you need the ip default-gateway.
The ip default-gateway only affects traffic to and from the switch itself, it has no effect on user traffic going through the switch. So all your traffic will not go to the management subinterface. When you make a switch L2 like the 3750 the ip default-gateway is simply used to remotely access the switch. Users will still go to their respective subinterface on the ASA for their vlan.
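The design described in the answers above, worked through for both devices using the /30 from the question (an added example, not part of any post in this thread). VLAN 2 is the example VLAN from the answer; the interface numbers, the VLAN name, the ASA nameif and the security level are assumptions.

```cisco
! Catalyst 3750 stack, running as a pure L2 switch
no ip routing
!
vlan 2
 name MGMT
!
! The only L3 interface on the switch: used to reach the switch itself
interface Vlan2
 description Switch management only
 ip address 10.233.8.10 255.255.255.252
 no shutdown
!
! Used only for traffic sourced from or destined to the switch,
! never for user traffic in the other VLANs
ip default-gateway 10.233.8.9
!
! Trunk towards the ASA (port number assumed)
interface GigabitEthernet1/0/1
 description 802.1q trunk to ASA
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! ASA 5520: physical interface carries the trunk and has no nameif
interface GigabitEthernet0/1
 no nameif
 no shutdown
!
! One subinterface per VLAN; this one is the management VLAN
interface GigabitEthernet0/1.2
 vlan 2
 nameif mgmt
 security-level 100
 ip address 10.233.8.9 255.255.255.252
!
! Check from the switch: "show interfaces trunk" should list VLAN 2
! as allowed and active, and "ping 10.233.8.9" should succeed.
```

10.233.8.8/30 has exactly two usable addresses (10.233.8.9 and 10.233.8.10), so it covers one ASA subinterface and one switch management address with nothing left over.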