06-03-2020 09:39 AM
Hello All,
My infrastructure is composed of 4 servers, a KVM switch, a PDU, a Cisco Catalyst switch, and a Cisco ASA 5555-X with FirePOWER firewall that is expanded with a 6-port Ethernet adapter for a total of 14 Ethernet ports. I want to use this infrastructure to deploy a small-scale CloudStack-based cloud system as shown in the attached figure. Note that in this deployment, there is one public IP where the traffic is NAT forwarded to the management server and the rest is on local IP. Since my planned deployment is small, I would like to eliminate the switch altogether and use the firewall only. Aside from not being the best practice, would this be technically possible? I.e., can I configure the firewall so that it eliminates the need for a Layer-2 switch and operate my cloud using only the firewall?
Thank you.
06-04-2020 08:33 PM
No. The ASA 5555-X ports cannot act as switch ports - only as layer 3 routed ports. That applies to both the built-in and expansion module ports.
Some of the newer models like the Firepower 1100 series or the recently discontinued ASA 5506-X have the capability to configure ports as switch ports.
06-05-2020 05:34 AM
Yes, if you change the overall firewall mode to transparent, the ports aren't routed. But then the firewall cannot act as a gateway as you show in your design. The same subnet needs to be on both inside and outside. You also still do not get switching between "inside" interfaces.