Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
821
Views
0
Helpful
8
Replies

ASA 5505 with Catalyst 3750

fasteddye
Level 1
Level 1

‎10-08-2010 10:23 AM - edited ‎03-11-2019 11:52 AM

I need some assistance with placing an ASA5505 on our existing network.  This ASA5505 is going to be used to connect to a software vendor.  The outside interface of the ASA I have setup to connect to the provider which will connect to the software vendor.  I need to then connect the ASA 5505 to our network, in this case a Catalyst 3750.  We would like to manage this device on a particular existing vlan.

Thanks.

Labels:
0 Helpful
8 Replies 8

Panos Kampanakis
Cisco Employee
Cisco Employee

‎10-08-2010 10:29 AM

Here is where to start http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html by configuring interfaces and subinterfaces (vlan).

I hope it helps.

PK

0 Helpful

fasteddye
Level 1
Level 1
In response to Panos Kampanakis

‎10-08-2010 12:12 PM

Thanks for the link.

I have setup the vlan on the ASA5505 and set the switchport vlan on the port as below.

Vlan ABC

nameif inside

security-level 100

ip address 10.x.x.x 255.255.255.0

no shut

Inteface Ethernet 0/2

switchport access vlan ABC

no shut

Now on the catalyst 3750, should the port be setup as "switchport access vlan ABC"?

Then we should be able to ASDM to the 10.x.x.x that was assigned?

Thanks.

0 Helpful

fasteddye
Level 1
Level 1
In response to fasteddye

‎10-08-2010 01:01 PM

When I attempt to asdm to this 5505, I see the following log message.

Routing failed to locate next hop for TCP from inside:10.10.190.x/443 to inside:10.10.12.x/51386

The 10.10.190.x is the management ip of asa 5505 and the 10.10.12.x is my ip address.

Thanks.

0 Helpful

estelamathew
Level 2
Level 2
In response to fasteddye

‎10-08-2010 01:02 PM

Hello,

Now on the catalyst 3750, should the port be setup as "switchport  access vlan ABC"?

YES

Please create SVI on 3750 with same subnet IP of firewall inside interface.

HTH

Estela

0 Helpful

fasteddye
Level 1
Level 1
In response to estelamathew

‎10-08-2010 01:06 PM

the svi for this vlan is on our core.

0 Helpful

estelamathew
Level 2
Level 2
In response to fasteddye

‎10-08-2010 01:18 PM

Hello,

ON 3750 same vlan for the ASA side and same vlan on other side where it is connecting to core,Both the ports should be in same vlan. U can try to ping from core whether the ASA inside interface is reacheable or not.

HTH,

Thanks

0 Helpful

fasteddye
Level 1
Level 1
In response to estelamathew

‎10-08-2010 01:21 PM

i added static route statement for all traffic to use the gateway address of vlan 190.

i can now asdm and ssh to the asa.

0 Helpful

estelamathew
Level 2
Level 2
In response to fasteddye

‎10-08-2010 01:24 PM

Hello ,

Internet Addresses are not known so u should add a Static defult route pointing to ASA inside interface on core.

Pls do rate post if it helps

THANKS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card