ASA 5505 vlan's routing & access-list

Narsimha Golla · ‎01-05-2012

Dear All,

Please suggest the configuration for bellow attached document

Thanks,

Narsimha

ajay chauhan · ‎01-05-2012

If you have any specific question then people here might guide you but if you are looking for full explanation for each and everything then you much must read the configuration guide of your ASA product frist.

Thanks

Ajay

Julio Carvajal · ‎01-05-2012

Hello,

You have set up the ASA interface as a trunk link.

So now all you need to do is to create an acl on the inside interface like this:

-access-list test deny ip host 192.168.1.5 192.168.20.0 255.255.255.0

-access-list test permit ip any any

acess-group test in interface inside

That should do it.

Regards,

Please rate if post was helpful!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

rizwanr74 · ‎01-05-2012

You setup is configurable. It is not fair you expect the whole configurations from Cisco Support community users, who are doing it for labor of love. Even if someone gives you a whole confirmation, it does not end there but you need to maintain and change configuration time and time again.

I would recommend you, if you do not want to bother with configuration technical nitty-gritty on ASA5505 firewall, just get a layer3 switch and enable NAT on the firewall and make your life easy for you.

Julio Carvajal · ‎01-05-2012

Hello,

Adding to what rizwanr74 has said ( 100 % true) the configuration is not that hard, you just need to configure the link to the ASA to the switch as a trunk, and that's it, inter-vlan routing will be done. Now you just need to create an ACL to limit that traffic.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC