I have 4 data VLANs in my network and am using a 6509 w/ SUP720 to route for them. I am using an ASA for firewall and that is working just fine. The problem is that I cannot get any of the VLANs to route outside. On the ASA I have created subinterfaces and labeled them with VLAN information and IP addresses. The link between the ASA and the 6509 is a trunk link; there is not a native VLAN set. If I just use ONE VLAN with a static route on the 6509 to outside: ip route 0.0.0.0 0.0.0.0 10.128.0.2 (IP of subint "inside" on ASA) everything works fine. If I add a route for, say, VLAN 50: ip route 0.0.0.0 0.0.0.0 vlan 50 10.85.120.2 (IP of sub-int "name") then neither VLAN will pass traffic outside. As soon as I take that 2nd static route off, it works fine. On the ASA if I do a sho route, it sees that 10.85.120.0 is a directly connected subnet, etc.
I am setting the workstations' IP info manually for VLAN 50 and if I use a default gateway of 10.85.120.1 (the SVI on the 6509) it won't work. However, if I use the "name" interface of the ASA as the default gateway for the PCs everything works fine. Am I missing something here?
If your 6509 is set up as a router interconnecting all VLANs, then one default route in the IP routing table pointing to the ASA IP should do it. You wouldn't even need a trunk to the ASA.
In case the 6509 works as a Layer 2 switch extending all VLANs to the ASA, then set the respective ASA IP addresses as default gateway on your PCs and you should be fine as well. Then your ASA would be responsible for inter-VLAN routing.