VLAN tagging on a Cisco ASA 5520?

Hi, I have a Cisco ASA 5520 and a Cisco 3750 switch. I want to create 3 VLANS (like DMZ's) on this switch and get the ASA to use this via its gigabit port, how can I do this?

4 REPLIES

Re: VLAN tagging on a Cisco ASA 5520?

There is a physical connection between the fa0/1 on the switch and the ethernet 4 interface on the PIX/ASA.

*******************************************
Switch Configuration
*******************************************

interface FastEthernet0/1
 description Connection to PIX Firewall
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100-103
 switchport mode trunk
 duplex full
 speed 100

*******************************************
PIX/ASA Configuration
*******************************************

interface Ethernet4
 description Trunk Only! DO NOT CONFIGURE!!
 speed 100
 duplex full
 no nameif
 security-level 10
 no ip address
!
interface Ethernet4.100
 description DMZ 100
 vlan 100
 nameif dmz100
 security-level 10
 ip address 10.10.100.254 255.255.255.0 standby 10.10.100.253
!
interface Ethernet4.101
 description DMZ 101
 vlan 101
 nameif dmz101
 security-level 10
 ip address 10.10.101.254 255.255.255.0 standby 10.10.101.253
!
interface Ethernet4.102
 description DMZ 102
 vlan 102
 nameif dmz102
 security-level 10
 ip address 10.10.102.254 255.255.255.0 standby 10.10.102.253
!
interface Ethernet4.103
 description DMZ 103
 vlan 103
 nameif dmz103
 security-level 0
 ip address 10.10.103.254 255.255.255.0 standby 10.10.103.253
!

HTH and please rate.
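A consistency check for the trunk/subinterface layout in the reply above, added here as an example and not part of the thread or of any Cisco tool: it expands the switch's allowed-VLAN list, parses the ASA subinterfaces, and flags a subinterface whose VLAN the trunk does not carry (its traffic never leaves the switch) or a nameif reused on two subinterfaces (which the ASA rejects). The two sample configs are constructed for the demonstration, not the poster's text.

```python
import re
# Constructed sample configs: one VLAN the trunk does not carry, one duplicate nameif.
SWITCH_CFG = """
interface FastEthernet0/1
 switchport trunk allowed vlan 100-103
 switchport mode trunk
"""
ASA_CFG = """
interface Ethernet4.100
 vlan 100
 nameif dmz100
!
interface Ethernet4.104
 vlan 104
 nameif dmz100
!
"""

def allowed_vlans(switch_cfg):
    """Expand 'switchport trunk allowed vlan 100-103,200' into a set of VLAN IDs."""
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", switch_cfg)
    spec = m.group(1) if m else "1-4094"  # IOS default: the trunk carries all VLANs
    bounds = [part.split("-") for part in spec.split(",")]
    return {v for b in bounds for v in range(int(b[0]), int(b[-1]) + 1)}

def asa_subinterfaces(asa_cfg):
    """Map each ASA subinterface (e.g. Ethernet4.100) to its vlan/nameif settings."""
    subifs, cur = {}, None
    for line in (l.strip() for l in asa_cfg.splitlines()):
        m = re.match(r"interface (\S+\.\d+)$", line)
        if m:
            cur = subifs.setdefault(m.group(1), {})
        elif line == "!" or line.startswith("interface "):
            cur = None  # end of block, or a physical (parent) interface
        elif cur is not None:
            key, _, val = line.partition(" ")
            cur[key] = val
    return subifs

def audit(switch_cfg, asa_cfg):
    """Report VLANs the trunk will drop and nameifs the ASA would reject as duplicates."""
    trunk, seen, findings = allowed_vlans(switch_cfg), {}, []
    for subif, p in asa_subinterfaces(asa_cfg).items():
        if (vid := int(p.get("vlan", 0))) not in trunk:
            findings.append(f"{subif}: vlan {vid} is not in the trunk's allowed list")
        if (name := p.get("nameif")) in seen:
            findings.append(f"{subif}: nameif {name} already used on {seen[name]}")
        seen.setdefault(name, subif)
    return findings
```

Run `audit(SWITCH_CFG, ASA_CFG)` to see both findings; an empty list means the trunk and the ASA subinterfaces agree.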

Re: VLAN tagging on a Cisco ASA 5520?

Hi Jorge

Just curious, what happens if VLAN x has 2 ports, one is a trunk to the ASA and one is a trunk to a switch which has member VLANs 101-103 through the trunk? Should we define the VLAN IDs of the other switch?

Re: VLAN tagging on a Cisco ASA 5520?

I got confused by the posts, I mean Collin, not Jorge :)

Re: VLAN tagging on a Cisco ASA 5520?

Any port that is in that VLAN will be in the DMZ, assuming you have the VLAN on the trunks. Most people have separate switches for DMZs from internal switches.

HTH
