Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
0
Helpful
1
Replies

Multiple VLANs behind single firewall segment?

jason.williams
Level 1
Level 1

‎02-06-2012 12:23 PM - edited ‎03-11-2019 03:24 PM

Here is what I need to do.  I need to create a firewalled segment that not only separates hosts from general population, but also from each other.  The solitary confinement of firewalled segments.

I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible.  1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.

Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?

Kind of like this?

VLAN 1 - hosts 1.1.1.5 and 1.1.1.6

VLAN 2 - hosts 1.1.1.7

Firewall DMZ Interface - 1.1.1.1
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.

So, 1) does this make sense? and 2) is it possible?

I'm working with an ASA 5510 running 8.2.4(4).

Thanks.

Jason

Labels:
0 Helpful
1 Reply 1

rizwanr74
Level 7
Level 7

‎02-06-2012 12:42 PM

HI there,

Please read this thread at below link, it was very much similar implementation was done.

https://supportforums.cisco.com/message/3546019#3546019

Thanks

Rizwan Rafeek

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card