
ASA Firewall between a switch and a router

Bienvenu Ngala
Level 1

Hi all,

I really, really need help to place my ASA 5505 between an L3 c3757 switch and a 1921 Series router.

Switch: ip routing with all the VLAN interfaces up; the interface gi1/0/1 is configured as a trunk port to allow all the VLANs to access the internet through the router. Servers and workstations are connected to the switch on different VLAN ports. The default gateway is the router's inside interface address.

Router: Configured as router on a stick, NAT overload; the inside interface ge0/1 is a trunk port facing the switch.

With this configuration everything is working fine, but I am trying to place an ASA firewall for features like IPS, URL filtering, application control and so on. I have been struggling for almost a week, so I decided to seek help from the experts.

Please help me with where I should place the firewall and what I should change; your help will be highly appreciated.

 

Many thanks,

Accepted Solutions

pieterh
VIP

There are several options.

The simplest could be placing the firewall in transparent mode (not routing mode) between the switch and the router-on-a-stick.

For each VLAN, create subinterfaces on both sides, assign each pair a BVI, and let the firewall "bridge" between the subinterfaces.

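The layout described in the accepted answer, as an added example that is not part of the original post: an ASA configuration sketch with one bridge group per VLAN. It assumes an ASA model and software release that support subinterfaces and bridge groups; the interface names, VLAN IDs, nameif labels and addresses are all constructed for illustration.

```cisco
! Constructed example, not from the thread. All names, VLAN IDs and
! addresses below are assumptions chosen for illustration.
firewall transparent
!
! Physical trunk ports: Gi0/1 faces the L3 switch, Gi0/0 faces the router.
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/0
 no shutdown
!
! The ASA does not accept the same VLAN ID on two subinterfaces, so each
! pair uses a different tag on the router side (here 10 <-> 110, 20 <-> 120).
! The router's dot1q subinterfaces must carry the matching router-side tags.
!
! Pair 1: user VLAN
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside-v10
 bridge-group 1
 security-level 100
interface GigabitEthernet0/0.110
 vlan 110
 nameif outside-v10
 bridge-group 1
 security-level 0
! Each BVI needs an address inside the subnet it bridges.
interface BVI1
 ip address 10.10.10.5 255.255.255.0
!
! Pair 2: server VLAN
interface GigabitEthernet0/1.20
 vlan 20
 nameif inside-v20
 bridge-group 2
 security-level 100
interface GigabitEthernet0/0.120
 vlan 120
 nameif outside-v20
 bridge-group 2
 security-level 0
interface BVI2
 ip address 10.10.20.5 255.255.255.0
!
! Connections opened from the lower security side need an explicit permit.
! Constructed rule: allow HTTPS in to one server on VLAN 20 only.
access-list OUT-V20 extended permit tcp any host 10.10.20.50 eq 443
access-group OUT-V20 in interface outside-v20
```

Hosts keep their existing gateway addresses, because the firewall bridges each subnet instead of routing it; only the 802.1Q tags on one side of the firewall change.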


Many thanks for your help.

But another question: with the firewall in bridged mode, will I still get all the features I need from the firewall, such as packet inspection, anti-bot, anti-virus, URL filtering, etc.?

 

Thanks,

 

Most inspection/filtering is still possible.

Here are some links that may help you:

 

Transparent or Routed Firewall Mode

Many thanks.

Your help is appreciated.
