02-18-2007 09:54 PM - edited 03-11-2019 02:35 AM
Let's say I have the following configured on my ASA 5510:
  Internet
     |
    ASA-----DMZ
     |
Catalyst 3560
     |
    LAN
interface ethernet1.99
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.14
 vlan 1
 exit
interface ethernet1/1.100
 nameif inside
 ip address 192.168.2.1 255.255.255.0 standby 192.168.2.2
 vlan 2
 exit
As you can see, my users and servers are connected to VLAN 2, and VLAN 1 will be used for managing the routers, switches, and firewalls.
My question: is the configuration for the firewall correct, and what type of configuration would I need to do on the switch? Do I need to make the switch port that connects to the inside interface of the ASA an L3 port?
Thanks
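A small lint for the two interface stanzas posted above (exit lines dropped), as an added example that is not part of the original post or of any Cisco tool. It assumes three ASA behaviours: an interface named inside defaults to security-level 100 and any other to 0, subinterface frames are always 802.1Q-tagged while a Catalyst trunk leaves its native VLAN (VLAN 1 by default) untagged, and the standby address must sit in the interface's subnet. The function names parse, level and lint are hypothetical.

```python
import ipaddress

# Constructed sample: the two interface stanzas from the question above.
SAMPLE = """\
interface ethernet1.99
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.14
vlan 1
interface ethernet1/1.100
nameif inside
ip address 192.168.2.1 255.255.255.0 standby 192.168.2.2
vlan 2
"""

def parse(config):
    """Return one dict per interface stanza (only the keywords used below)."""
    stanzas = []
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[0] == "interface":
            stanzas.append({"name": words[1]})
        elif stanzas and words[0] in ("nameif", "vlan", "security-level"):
            stanzas[-1][words[0]] = words[1]
        elif stanzas and words[:2] == ["ip", "address"]:
            stanzas[-1]["net"] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            if "standby" in words:
                stanzas[-1]["standby"] = ipaddress.ip_address(words[words.index("standby") + 1])
    return stanzas

def level(s):
    # ASA default when no security-level is given: 100 for "inside", else 0.
    return int(s.get("security-level", 100 if s.get("nameif") == "inside" else 0))

def lint(stanzas):
    findings, by_level = [], {}
    for s in stanzas:
        by_level.setdefault(level(s), []).append(s.get("nameif", s["name"]))
        if "." in s["name"] and "vlan" not in s:
            findings.append(f"{s['name']}: subinterface has no vlan id")
        if s.get("vlan") == "1":
            findings.append(f"{s['name']}: vlan 1 is the default untagged native VLAN on Catalyst trunks")
        if "standby" in s and s["standby"] not in s["net"]:
            findings.append(f"{s['name']}: standby address is outside the interface subnet")
    for lvl, names in by_level.items():
        if len(names) > 1:
            findings.append(f"security-level {lvl} shared by {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE))))
```

Two interfaces at the same security level cannot exchange traffic unless same-security-traffic permit inter-interface is configured, so the second finding means management and inside stay separated by default.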
02-18-2007 10:17 PM
Hi,
Your config looks good.
Now, as to whether we need a layer 2 switch or a layer 3 switch: since your ASA has only one VLAN on the inside interface, I think it would make do with a layer 2 interface, and it would look at the destination MAC addresses to transfer them accordingly.
If someone could shed more light..
Thanks
Shyam
02-18-2007 10:23 PM
Hi,
My plan is to add more VLANs on the inside interface. I have an L3 switch, with 2 switches for redundancy. How do I configure the switch and the ASA inside interface so that traffic flows between all the VLANs? Can I enable HSRP on the two switches and configure the VLAN that will connect to the inside interface of the ASA as HSRP?
Please help.
Thanks
02-18-2007 11:24 PM
Isn't it a good idea to configure your L3 switch with your core VLAN and configure your firewall as normal with DMZ?
02-19-2007 01:05 AM
Hi,
I am not clear. Can you explain in more detail, please?
thanks