Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Connecting 3560-X to ASA 5505

Hello,

I recently purchased a 3560-X and i am just in the process of setting it up, my question is there a recommended way i should connect it to my ASA. Just playing around i was able to setup a routed port on the 3560 and connect it to the ASA and everything works great but I also have the security plus licenses on the ASA so I could trunk between the two.

Any options which would be a better option? Routed or Trunk?

Thanks!

Paul

1 ACCEPTED SOLUTION

Accepted Solutions

Connecting 3560-X to ASA 5505

i suggest you can use routed mode for this scenario..

r u using your asa as the next hop/gateway for 3560x... if so u can have the multiple subinterfaces created on the inside interfaces and route the different subnet gateways....

also you can do on the vlan based transparent mode also.... better go for routed mode

4 REPLIES
VIP Super Bronze

Connectiong 3560-X to ASA 5505

Paul,

The ASA can run in routed mode (default) or transparent mode (layer-2 bridging).  When you set it in routed mode,there is no need to trunk the port.  The ASA is acting as a router with the inside interface subnet being different than the outside.  So, you should be good to go.

HTH

New Member

Connectiong 3560-X to ASA 5505

Hi Reza,

Thanks for the quick reply, sorry i should have expanded a bit more, the 3560 is doing all the routing and switching for all my vlans and then I would like internet bound traffic forwarded onto the ASA.

Paul

VIP Super Bronze

Connecting 3560-X to ASA 5505

Ok, so the switch has all the SVIs and is routing between the vlans for you.  Now, you have a layer-3 link between the switch and the inside interface of the firewall (could be /30). You also need a subnet between the outside interface and the provider. (/30, 29, etc...) on the firewall you need the default route towards the service provide and static router towards your 3560 for the  vlans..

HTH

Connecting 3560-X to ASA 5505

i suggest you can use routed mode for this scenario..

r u using your asa as the next hop/gateway for 3560x... if so u can have the multiple subinterfaces created on the inside interfaces and route the different subnet gateways....

also you can do on the vlan based transparent mode also.... better go for routed mode

452
Views
0
Helpful
4
Replies
CreatePlease login to create content