
default gateway on switch

saidfrh
Level 1

Hi,

Is the default gateway on a switch the outside interface of the firewall or the Ethernet interface on the router, which connects to the outside int of the firewall?

1 Accepted Solution


Said

Default-gateway of switch should be the IP address of the inside interface on the ASA that the switch connects into.

You cannot make it the outside interface of the ASA because the IP address of the ASA outside interface would not be in the same subnet as the switch IP address.

Jon


8 Replies

williamsdo
Level 3

Your default gateway should be the inside interface on the router. The router will forward the packets to the outside network and hopefully to their final destination. HTH

Jon Marshall
Hall of Fame

Said

Just to clarify, you are talking about a switch that is on the outside of the PIX firewall that connects the PIX and the Internet router?

If so I would make the firewall the default-gateway. Reason for this is that it makes it more difficult for anyone to try and connect to the switch from the Internet. If the switch had a default-gateway pointing to the Internet router then potentially someone could connect to the switch from the Internet.

As a further point - a lot of people advise making the switch on the outside of the firewall unmanaged, i.e. it has no IP address and default-gateway, for security reasons.

If you do need to manage it, lock access to it down from an address inside your network.

HTH

Jon

Jon,

The Cisco Cat 2950 switch is connected to one of seven inside ports of an ASA5505 firewall. There is only one VLAN on the switch and firewall. So is the switch's default gateway the ASA5505's outside interface, public IP address?

Thanks.

Said

Said

Need to be careful here as the wrong advice may be a security problem for you.

You have a switch that is connected to one of the inside ports on the ASA.

Where is the router in relation to the ASA and the switch, and what does the router do?

Jon

Jon,

The perimeter router's Eth int is connected to the ASA's 0 interface/Public IP.

ISP router>perimeter router>ASA>switch. At a later date the MPLS router will connect to the switch.

Said

Default-gateway of switch should be the IP address of the inside interface on the ASA that the switch connects into.

You cannot make it the outside interface of the ASA because the IP address of the ASA outside interface would not be in the same subnet as the switch IP address.

Jon
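
The on-link requirement in the answer above, together with the earlier advice to lock down management access, as an added example that is not part of the original thread: a Python check over a switch running-config. The sample configs, all addresses, the function name `audit_switch_config`, and the choice of a vty `access-class` as the lock-down mechanism are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: gateway is the (assumed) ASA inside address, vty restricted.
GOOD_CONFIG = """\
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
!
access-list 10 permit 192.168.1.50
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 access-class 10 in
 login
"""

# Constructed sample: gateway is an off-subnet public address, vty left open.
BAD_CONFIG = """\
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 203.0.113.10
!
line vty 0 4
 login
"""

def audit_switch_config(text):
    """Return a list of findings for a Catalyst-style running-config."""
    findings = []
    svi = re.search(r"^interface Vlan\d+\n(?: .*\n)*? ip address (\S+) (\S+)", text, re.M)
    gw = re.search(r"^ip default-gateway (\S+)", text, re.M)
    if not svi:
        findings.append("no management SVI with an IP address")
    elif gw:
        # The gateway must sit in the same subnet as the switch's own address.
        net = ipaddress.ip_interface(f"{svi.group(1)}/{svi.group(2)}").network
        if ipaddress.ip_address(gw.group(1)) not in net:
            findings.append(f"default-gateway {gw.group(1)} is not in {net}")
    # Each vty block should carry an inbound access-class limiting who can log in.
    for m in re.finditer(r"^line vty (\d+ \d+)\n((?: .*\n?)*)", text, re.M):
        if not re.search(r"^ access-class \S+ in", m.group(2), re.M):
            findings.append(f"line vty {m.group(1)} has no inbound access-class")
    return findings
```
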

cool. Thank you.

Jon,

You had mentioned about redirecting packets from a switch to the ASA firewall, and back to a port on the switch connecting to an MPLS router. You called it "hairpinning". Do you know the correct statement for configuring static routes in the ASA firewall to redirect packets to the port in the switch that links to the MPLS router?

Thanks.

Said
