Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
842
Views
0
Helpful
4
Replies

Connecting 3560-X to ASA 5505

Go to solution
citadeltheatre
Level 1
Level 1

‎06-14-2012 09:55 AM - edited ‎03-07-2019 07:15 AM

Hello,

I recently purchased a 3560-X and i am just in the process of setting it up, my question is there a recommended way i should connect it to my ASA. Just playing around i was able to setup a routed port on the 3560 and connect it to the ASA and everything works great but I also have the security plus licenses on the ASA so I could trunk between the two.

Any options which would be a better option? Routed or Trunk?

Thanks!

Paul

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkarthikeyan
Level 7
Level 7
In response to citadeltheatre

‎06-14-2012 10:56 AM

i suggest you can use routed mode for this scenario..

r u using your asa as the next hop/gateway for 3560x... if so u can have the multiple subinterfaces created on the inside interfaces and route the different subnet gateways....

also you can do on the vlan based transparent mode also.... better go for routed mode

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎06-14-2012 10:01 AM

Paul,

The ASA can run in routed mode (default) or transparent mode (layer-2 bridging).  When you set it in routed mode,there is no need to trunk the port.  The ASA is acting as a router with the inside interface subnet being different than the outside.  So, you should be good to go.

HTH

0 Helpful

Go to solution
citadeltheatre
Level 1
Level 1
In response to Reza Sharifi

‎06-14-2012 10:10 AM

Hi Reza,

Thanks for the quick reply, sorry i should have expanded a bit more, the 3560 is doing all the routing and switching for all my vlans and then I would like internet bound traffic forwarded onto the ASA.

Paul

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to citadeltheatre

‎06-14-2012 10:49 AM

Ok, so the switch has all the SVIs and is routing between the vlans for you.  Now, you have a layer-3 link between the switch and the inside interface of the firewall (could be /30). You also need a subnet between the outside interface and the provider. (/30, 29, etc...) on the firewall you need the default route towards the service provide and static router towards your 3560 for the  vlans..

HTH

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to citadeltheatre

‎06-14-2012 10:56 AM

i suggest you can use routed mode for this scenario..

r u using your asa as the next hop/gateway for 3560x... if so u can have the multiple subinterfaces created on the inside interfaces and route the different subnet gateways....

also you can do on the vlan based transparent mode also.... better go for routed mode

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card