10-08-2010 10:23 AM - edited 03-11-2019 11:52 AM
I need some assistance with placing an ASA5505 on our existing network. This ASA5505 is going to be used to connect to a software vendor. The outside interface of the ASA I have setup to connect to the provider which will connect to the software vendor. I need to then connect the ASA 5505 to our network, in this case a Catalyst 3750. We would like to manage this device on a particular existing vlan.
Thanks.
10-08-2010 10:29 AM
Here is where to start http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html by configuring interfaces and subinterfaces (vlan).
I hope it helps.
PK
10-08-2010 12:12 PM
Thanks for the link.
I have setup the vlan on the ASA5505 and set the switchport vlan on the port as below.
Vlan ABC
nameif inside
security-level 100
ip address 10.x.x.x 255.255.255.0
no shut
Inteface Ethernet 0/2
switchport access vlan ABC
no shut
Now on the catalyst 3750, should the port be setup as "switchport access vlan ABC"?
Then we should be able to ASDM to the 10.x.x.x that was assigned?
Thanks.
10-08-2010 01:01 PM
When I attempt to asdm to this 5505, I see the following log message.
Routing failed to locate next hop for TCP from inside:10.10.190.x/443 to inside:10.10.12.x/51386
The 10.10.190.x is the management ip of asa 5505 and the 10.10.12.x is my ip address.
Thanks.
10-08-2010 01:02 PM
Hello,
Now on the catalyst 3750, should the port be setup as "switchport access vlan ABC"?
YES
Please create SVI on 3750 with same subnet IP of firewall inside interface.
HTH
Estela
10-08-2010 01:06 PM
the svi for this vlan is on our core.
10-08-2010 01:18 PM
Hello,
ON 3750 same vlan for the ASA side and same vlan on other side where it is connecting to core,Both the ports should be in same vlan. U can try to ping from core whether the ASA inside interface is reacheable or not.
HTH,
Thanks
10-08-2010 01:21 PM
i added static route statement for all traffic to use the gateway address of vlan 190.
i can now asdm and ssh to the asa.
10-08-2010 01:24 PM
Hello ,
Internet Addresses are not known so u should add a Static defult route pointing to ASA inside interface on core.
Pls do rate post if it helps
THANKS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide