Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
2
Replies

Interface Configuration for ACE

Go to solution
HWangLoyalty_2
Level 1
Level 1

‎10-26-2010 10:49 AM

We will put a new ACE 4710 applicance on our production environment. It will be sit behind the firewall (ASA 5580) with routed mode. Two VLANs will be created for it, VLAN 10 (1.1.1.0/24) for VIP and VLAN 20 (1.1.2.0/24) for real servers. Assumed both ASA port and ACE port are connected to one switch such as G1/0/1 and G1/0/2. My question is how to configure two ports. Are both of them are set up as trunk port allowed only 10 and 20?

If they are, how to set up ASA and ACE end?  I am not sure if following comfigurations are working.

ASA:                                                                     Switch: G1/0/1

interface GigabitEthernet0/3                                     switch mode trunk
speed 1000                                                             switchport trunk encapsulation dot1q
duplex full                                                               switchport trunk allowed 10,20
nameif LB-VIP 
security-level 50 
ip address 1.1.1.1 255.255.255.0

ACE:

interface G1/1                                                       switch:G1/0/2

switch trunk allowed 10,20

                                                                            switch mode trunk

interface vlan 10                                                     switchport trunk encapsulation dot1q
ip address 1.1.1.4 255.255.255.0                            switchport trunk allowed 10,20
interface vlan 20

ip address 1.1.2.1 255.255.255.0

Please let me know your thoughts. Thanks a lot!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
litrenta
Level 3
Level 3

‎10-26-2010 10:56 AM

Given a topology of

asa---vlan10-------ace------vlan20------server

You would not be configuring vlan 20 on port for asa.

Your ace config looks correct

the servers should point to 1.1.2.1 as their default gateway and on the ace you should be routing to the asa as the default gateway with

ip route 0.0.0.0 0.0.0.0 1.1.1.1

View solution in original post

0 Helpful
2 Replies 2

Go to solution
litrenta
Level 3
Level 3

‎10-26-2010 10:56 AM

Given a topology of

asa---vlan10-------ace------vlan20------server

You would not be configuring vlan 20 on port for asa.

Your ace config looks correct

the servers should point to 1.1.2.1 as their default gateway and on the ace you should be routing to the asa as the default gateway with

ip route 0.0.0.0 0.0.0.0 1.1.1.1

0 Helpful

Go to solution
HWangLoyalty_2
Level 1
Level 1
In response to litrenta

‎10-26-2010 11:06 AM

Thanks for your quick response.

Like you mentioned, I will configure switch port connected to ASA as access port with VLAN 10, right?

VLAN 20 traffics will be reached through the routing table.

0 Helpful
Customers Also Viewed These Support Documents