10-26-2010 10:49 AM
We will put a new ACE 4710 applicance on our production environment. It will be sit behind the firewall (ASA 5580) with routed mode. Two VLANs will be created for it, VLAN 10 (1.1.1.0/24) for VIP and VLAN 20 (1.1.2.0/24) for real servers. Assumed both ASA port and ACE port are connected to one switch such as G1/0/1 and G1/0/2. My question is how to configure two ports. Are both of them are set up as trunk port allowed only 10 and 20?
If they are, how to set up ASA and ACE end? I am not sure if following comfigurations are working.
ASA: Switch: G1/0/1
interface GigabitEthernet0/3 switch mode trunk
speed 1000 switchport trunk encapsulation dot1q
duplex full switchport trunk allowed 10,20
nameif LB-VIP
security-level 50
ip address 1.1.1.1 255.255.255.0
ACE:
interface G1/1 switch:G1/0/2
switch trunk allowed 10,20
switch mode trunk
interface vlan 10 switchport trunk encapsulation dot1q
ip address 1.1.1.4 255.255.255.0 switchport trunk allowed 10,20
interface vlan 20
ip address 1.1.2.1 255.255.255.0
Please let me know your thoughts. Thanks a lot!
Solved! Go to Solution.
10-26-2010 10:56 AM
Given a topology of
asa---vlan10-------ace------vlan20------server
You would not be configuring vlan 20 on port for asa.
Your ace config looks correct
the servers should point to 1.1.2.1 as their default gateway and on the ace you should be routing to the asa as the default gateway with
ip route 0.0.0.0 0.0.0.0 1.1.1.1
10-26-2010 10:56 AM
Given a topology of
asa---vlan10-------ace------vlan20------server
You would not be configuring vlan 20 on port for asa.
Your ace config looks correct
the servers should point to 1.1.2.1 as their default gateway and on the ace you should be routing to the asa as the default gateway with
ip route 0.0.0.0 0.0.0.0 1.1.1.1
10-26-2010 11:06 AM
Thanks for your quick response.
Like you mentioned, I will configure switch port connected to ASA as access port with VLAN 10, right?
VLAN 20 traffics will be reached through the routing table.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide