Sure, it is possible. Let's see: the ASA 5510 can support up to 50 VLANs with the Base license and 100 VLANs with the Security Plus license. You will have to use trunking and allocate an FE port on the ASA for this. Assuming your 2960 is a 48-port switch, not a 24-port, because you will need to accommodate 25 VLANs with corresponding switchport VLAN numbers.
1- Create your 25 VLANs on the switch.
2- Allocate a port on the switch for 802.1q trunking to an allocated FE port on the ASA.
3- Create subinterfaces on the ASA and define the IP scheme for each interface.
4- Define security level requirements for the subinterfaces. You could use the same security level on each subinterface, and if you do not want communication between them you can use the "no same-security-traffic permit inter-interface" command. If communication is needed between hosts on different VLANs, it can be accomplished through ACLs.
5- For internet access you could use your outside interface to PAT the inside nets for outbound internet connections.
Assume you have 4 networks 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
Since the Layer 3 interfaces of the VLANs are created on the ASA, only L2 VLANs need to be created on the switches. Just create the L2 VLANs on the switches and you can extend the VLANs to more switches. Just make sure that these switches are in the same VTP domain and take care of the VTP mode (client/server or transparent, etc.). Yes, you need to create a trunk between the two switches.
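
The steps from the replies above as a configuration sketch, added here as an example and not taken from either post. It shows two of the 25 VLANs; the VLAN IDs, port numbers, interface names and addresses are constructed, and the PAT lines assume ASA 8.3+ syntax.

```cisco
! ----- Catalyst 2960: L2 VLANs only (constructed values) -----
vlan 10
 name VLAN10
vlan 20
 name VLAN20
!
interface GigabitEthernet0/1
 description 802.1Q trunk to ASA Ethernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
! ----- ASA 5510: L3 gateway for each VLAN -----
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! Physical trunk port carries no nameif or address of its own
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1.10
 vlan 10
 nameif vlan10
 security-level 50
 ip address 10.0.10.1 255.255.255.0
!
interface Ethernet0/1.20
 vlan 20
 nameif vlan20
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
! Default setting, shown explicitly: equal-level interfaces cannot talk
no same-security-traffic permit inter-interface
!
! PAT to the outside interface address (8.3+ syntax, assumed)
object network VLAN10-NET
 subnet 10.0.10.0 255.255.255.0
 nat (vlan10,outside) dynamic interface
```

Each further VLAN repeats the subinterface block and the network object with its own VLAN ID and subnet, and the trunk's allowed-VLAN list is kept to exactly the VLANs the ASA terminates.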