Do you need to firewall between the data and voice vlans ?
The simplest thing would be to make the default gateway for the data vlan the L3 switch SVI and not the ASA. Then you use a separate IP subnet to connect the L3 switch to the ASA and route between them.
If you do need to firewall between the data and voice vlans then obviously traffic needs to go in and come back out of the ASA inside interface so you would need to set that up correctly.
So if you want to firewall between the vlans can you post your ASA config ?
The other issue you have with your current setup is traffic flow ie.
a data client sends it's traffic to the ASA to get to the call manager. The default gateway of the call manager is the L3 switch. When the return traffic gets to the L3 switch it then goes direct to the client because you have a L3 SVI for the data vlan on the L3 switch.
So traffic does not go back via the ASA which may create issues with state on the firewall although it may still work.
The way to solve this would be to remove the L3 SVI for the data vlan off the L3 switch but then you would need to add a route to the L3 switch for the data vlan via the ASA.
So either way you need to add a bit of configuration.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...