topic Re: ASA 5555 in Network Security

ASA 5555

DerekLazarus78183 — Thu, 23 Sep 2021 19:03:54 GMT

So I have a ASA 5555, coming off it I have a L3 Switch. This switch has its own set of VLANs that I would like to keep seperate from another vlan database on another L3 switch hanging off it as well that houses a seperate network. I would like to be able to monitor the network from one side to the other with NMS software and scans etc. Should I have a router on a stick configuration for the interfaces to allow the vlans to communicate with the inside network for SNMP and other software and how will this interfere with VLANs that may have the same id, wouldn't those machines essentially be able to talk when that is not the intended behavior. I was going for being able to monitor each network but essentially routing to another network allowing each to have their own vlan database without them bleeding into each other.

Re: ASA 5555

Rob Ingram — Thu, 23 Sep 2021 19:19:28 GMT

@DerekLazarus78183

So you have L3 switch > ASA > L3 switch?

If each L3 switch has an SVI for the local networks, configure a routed link between the switch and the ASA. Define static routes on the ASA to each network, via the next hop, the ASA won't know about the VLAN IDs. You'll obviously have to permit traffic via an ACL inbound on the ASAs interface.

Re: ASA 5555

DerekLazarus78183 — Thu, 23 Sep 2021 20:25:58 GMT

Yes

Re: ASA 5555

DerekLazarus78183 — Fri, 24 Sep 2021 14:39:18 GMT

I pretty much had already set things up this way turns out there was a software config issue with repositories not being configured for particular subnets after deep diving into everything. Thanks !