New Member

multiple vlans on firewall

There needs to be a base design to come up with for a data center where multiple server groups or units will be in place.

Wanted to know if there is any way to use ASA in such a scenario using vlan segmentation or whatever means.

Objective is to achieve resiliency and security within these multiple groups. If there is any inter-group communication required, it is desired to be done in a very limited manner.

Please give valuable inputs. Achieving optimum device/design is also a thrust here, like what platform would be used as core switching/routing and how to judge that. Links to any such design or scenario will be of great help also.

Thanks in advance as usual for all fellow members!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: multiple vlans on firewall

ASA can do vlanning. You can create vlan logical subinterfaces and they can act as regular interfaces and pass traffic between them and everything.

So using a switch to put hosts, servers etc in vlans and have the ASA "firewall" traffic between them.

Depending on your traffic requirements you should choose your ASA model: 5510-20 are the low-end models, 5540 is mid-size and 5550s and 5580s are powerful boxes.

As for the switches, there is a great variety of switches you can choose from.

I hope it helps you to get started.

PK

2 REPLIES

Re: multiple vlans on firewall

You can use trunking on the ASA and the ASA will be the default gateway for each subnet. Any inter-vlan communication will have to flow through the ASA and you can restrict/allow as you see fit.
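The design described in the replies (a trunk to the switch, one ASA subinterface per VLAN acting as that subnet's default gateway, and ACLs for the few permitted inter-group flows) could look like the following on the ASA. This is an added example, not configuration posted by anyone in the thread; the interface, VLAN IDs, interface names, addresses and ports are constructed placeholders.

```cisco
! Constructed example: all VLAN IDs, names, addresses and ports are placeholders.
! Physical port carries the 802.1Q trunk from the switch; it gets no name or address.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One logical subinterface per server group; each is that subnet's default gateway.
interface GigabitEthernet0/1.10
 vlan 10
 nameif web
 security-level 30
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif app
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif db
 security-level 70
 ip address 10.10.30.1 255.255.255.0
!
! Inbound ACL on every subinterface so the security-level default
! (higher level may initiate to lower) never decides a flow on its own.
! Each ACL ends in an implicit deny; the explicit deny lines add hit counts.
access-list WEB_IN extended permit tcp 10.10.10.0 255.255.255.0 host 10.10.20.10 eq 8443
access-list WEB_IN extended deny ip any any
!
access-list APP_IN extended permit tcp 10.10.20.0 255.255.255.0 host 10.10.30.10 eq 1433
access-list APP_IN extended deny ip any any
!
! The db group may answer established connections (stateful) but initiates nothing.
access-list DB_IN extended deny ip any any
!
access-group WEB_IN in interface web
access-group APP_IN in interface app
access-group DB_IN in interface db
```

`show access-list` displays per-line hit counts, which helps confirm that only the intended inter-group flows are matching the permit entries.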
