Cisco Support Community
New Member

default gateway on switch

Hi,

Is the default gateway on a switch the outside interface of firewall or the Ethernet interface on the router, which connects to the outside int of the firewall?

8 REPLIES
New Member

Re: default gateway on switch

Your default gateway should be the inside interface on the router. The router will forward the packets to the outside network and hopefully to their final destination. HTH

Hall of Fame Super Blue

Re: default gateway on switch

Said

Just to clarify, you are talking about a switch that is on the outside of the PIX firewall that connects the PIX and the Internet router?

If so, I would make the firewall the default-gateway. Reason for this is that it makes it more difficult for anyone to try and connect to the switch from the Internet. If the switch had a default-gateway pointing to the Internet router then potentially someone could connect to the switch from the Internet.

As a further point - a lot of people advise making the switch on the outside of the firewall unmanaged, i.e. it has no IP address and default-gateway, for security reasons.

If you do need to manage it, lock access to it down from an address inside your network.

HTH

Jon

New Member

Re: default gateway on switch

Jon,

The Cisco Cat 2950 switch is connected to one of seven inside ports of an ASA5505 firewall. There is only one VLAN on the switch and firewall. So is the switch's default gateway the ASA5505's outside interface, public IP address?

Thanks.

Said

Hall of Fame Super Blue

Re: default gateway on switch

Said

Need to be careful here as the wrong advice may be a security problem for you.

You have a switch that is connected to one of the inside ports on the ASA.

Where is the router in relation to the ASA and the switch, and what does the router do?

Jon

New Member

Re: default gateway on switch

Jon,

The perimeter router's Eth int is connected to the ASA's 0 interface/Public IP.

ISP router>perimeter router>ASA>switch. At a later date the MPLS router will connect to the switch.

Hall of Fame Super Blue

Re: default gateway on switch

Said

Default-gateway of switch should be the IP address of the inside interface on the ASA that the switch connects into.

You cannot make it the outside interface of the ASA because the IP address of the ASA outside interface would not be in the same subnet as the switch IP address.

Jon
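
The answer above as a Catalyst 2950 configuration, added here as an example that is not part of the original thread. All addresses are assumptions (192.168.1.0/24 as the inside subnet, 192.168.1.1 as the ASA inside interface, 192.168.1.2 for the switch, 192.168.1.50 as an admin workstation), and the vty ACL applies the earlier advice in the thread to lock management access down to an inside address.

```cisco
! Constructed example: Catalyst 2950 on an ASA 5505 inside port.
! All addresses below are assumptions, not values from the thread.
!
! Management interface in the single VLAN shared with the ASA inside ports
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
!
! The gateway must be an address on the switch's own subnet:
! the ASA inside interface, not the ASA outside (public) address,
! which sits on a different subnet and is unreachable at Layer 2.
ip default-gateway 192.168.1.1
!
! Permit management sessions only from one inside admin host;
! the implicit deny at the end of the ACL drops everything else.
access-list 10 permit 192.168.1.50
!
! Apply the ACL to every vty line so no line is left unrestricted
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 10 in
```

On a Layer 2 switch, `ip default-gateway` only affects the switch's own management traffic; hosts attached to the switch use the gateway configured on the hosts themselves.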

New Member

Re: default gateway on switch

cool. Thank you.

New Member

Re: default gateway on switch

Jon,

You had mentioned about redirecting packets from a switch to the ASA firewall, and back to a port on the switch connecting to an MPLS router. You called it "hairpinning". Do you know the correct statement for configuring static routes in the ASA firewall to redirect packets to the port in the switch that links to the MPLS router?

Thanks.

Said
