Re: Same V-Lan communication between sites via Tunnel

ray_stone · ‎09-28-2008

Hi,

We have two ASA 5505 installed on both sites. If I make a new V-lan on FW1 like V-Lan 100 and assign the IP range 192.168.10.1/24 and same V-lan I create on other site FW2 like V-lan 100 and not assigned any IP but I want the FW2 clent machine use the gateway 192.168.10.1 and it will directly communicate. Is it possible? Thanks

Marwan ALshawi · ‎09-28-2008

hi ray

as long as the traffic between the Firewalls if L3 then the vlan tag will be removed adn u will not keep the vlan end-to-end

clients on remote site need to use FW2 as gateway regardless witch interface they connect to that interface should be thier gateway to the other FW1

good luck

if helpful Rate

ray_stone · ‎09-29-2008

FW 1 int e0/3 V-lan 100 192.168.10.1/24

FW 2 int e0/4 V-lan 100

Here we are not using any L3 switch all both int are configured on FW itself. Now please explain which wud be the gateway from client or FW.

Thanks

Marwan ALshawi · ‎09-29-2008

each host will use the inside firewall IP as defualt gateway in each in its site

cllients---FW1-----FW2---clients

clients behind FW1 will use FW1 as defualt gateway to go to FW2 and clients behind FW2 will use FW2 as defualt gateway

if helpful Rate

ray_stone · ‎09-29-2008

Thanks!! Do i need to make two seperate subnets and allow them by making access list. Thanks

ray_stone · ‎09-29-2008

Please advice??

Marwan ALshawi · ‎09-29-2008

ok simly make like

192.168.1.0/24--FW1---othersubnet--FW2--192.168.2.0/24...

ray_stone · ‎09-29-2008

Client Machine (192.168.10.3 GTW 192.168.10.1)---ASA Vlan 100 (Int e 0/2) (192.168.10.1)-----Tunnel-------ASA Vlan 100 (Int e0/2) Same Vlan 100----Clent Machine (192.168.10.4, GTW 192.168.10.1)

The below scenario I want, is it possible through Tunnel. thanks

ray_stone · ‎07-22-2009

Pls advice!!!