01-12-2009 11:52 AM - edited 03-11-2019 07:35 AM
I currently have a Catalyst 4510e doing inter-VLAN routing between multiple VLANs. I want to install an ASA 5540 into the mix which will have a DMZ and another firewalled PCI segment that is protected by the ASA. Is there a Cisco article that describes designing maybe a dot1q trunk between the ASA and the 4500 so that I can keep using the 4500 as my core router but use the ASA for routing DMZ and PCI VLAN traffic? What I am looking to do is somehow continue managing VLANs via the 4500 but having some of those VLANs firewalled and routed by the ASAs. Hope this makes sense.
01-12-2009 12:08 PM
In your 4506s you would create new firewall VLANs, but not configure any SVIs (layer 3 interfaces). The default gateway will be the ASA.
Hope that helps.
Check Jon's post for the interface config.
01-12-2009 12:09 PM
Joshua
Yes, this is perfectly possible. Attached is a link to creating VLAN subinterfaces on the ASA:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006
You then need to configure the port on the 4510e that the ASA interface connects into as an 802.1q trunk.
Jon
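A check for the design both replies describe, added here as an example and not written by anyone in the thread: it reads a switch running-config and reports any firewalled VLAN that still has an SVI with an IP address or that is not allowed on the trunk to the ASA. The config excerpt, VLAN IDs 100 and 200, the port name and the addresses are constructed, and the port is assumed to be in trunk mode with a single `allowed vlan` line.

```python
import re

# Constructed running-config excerpt; ports, VLAN IDs and addresses are made up.
SAMPLE = """\
interface GigabitEthernet2/1
 switchport mode trunk
 switchport trunk allowed vlan 100
!
interface Vlan100
 no ip address
!
interface Vlan200
 ip address 10.0.200.1 255.255.255.0
"""

def interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return blocks

def allowed_vlans(cmds):
    """VLANs a trunk carries; without an 'allowed vlan' line IOS allows 1-4094."""
    for c in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c)
        if m:
            out = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                out.update(range(int(lo), int(hi or lo) + 1))
            return out
    return set(range(1, 4095))

def audit(config, firewalled, asa_port):
    """List ways the switch config lets firewalled VLANs bypass or miss the ASA."""
    ifs, findings = interfaces(config), []
    for vlan in sorted(firewalled):
        if any(c.startswith("ip address") for c in ifs.get(f"Vlan{vlan}", [])):
            findings.append(f"Vlan{vlan}: SVI has an IP address, so the switch routes this VLAN itself")
    for vlan in sorted(firewalled - allowed_vlans(ifs.get(asa_port, []))):
        findings.append(f"{asa_port}: VLAN {vlan} is not allowed on the trunk to the ASA")
    return findings
```

Calling `audit(SAMPLE, {100, 200}, "GigabitEthernet2/1")` returns two findings for VLAN 200: the leftover SVI and the missing trunk entry.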