09-23-2021 12:03 PM
So I have an ASA 5555, and coming off it I have an L3 switch. This switch has its own set of VLANs that I would like to keep separate from another VLAN database on another L3 switch hanging off it as well, which houses a separate network. I would like to be able to monitor the network from one side to the other with NMS software and scans etc. Should I have a router-on-a-stick configuration for the interfaces to allow the VLANs to communicate with the inside network for SNMP and other software, and how will this interfere with VLANs that may have the same ID? Wouldn't those machines essentially be able to talk when that is not the intended behavior? I was going for being able to monitor each network but essentially routing to another network, allowing each to have its own VLAN database without them bleeding into each other.
09-23-2021 12:19 PM
So you have L3 switch > ASA > L3 switch?
If each L3 switch has an SVI for the local networks, configure a routed link between the switch and the ASA. Define static routes on the ASA to each network via the next hop; the ASA won't know about the VLAN IDs. You'll obviously have to permit traffic via an ACL inbound on the ASA's interface.
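As an added example (not from the thread; every address, interface name and object name is constructed), this is what the routed-link design looks like on the remote switch and on the ASA. The inside switch is configured the same way with its own SVIs and routed uplink; the point is that no trunk crosses the ASA, so identical VLAN IDs on the two switches never meet, and the ACLs limit who may poll or scan across.

```cisco
! === Remote L3 switch (Catalyst IOS), constructed addresses ===
vlan 10
 name site-b-servers
interface Vlan10
 ip address 10.20.10.1 255.255.255.0
! Routed uplink to the ASA: no switchport means no trunk and no VLAN
! tags on the link, so VLAN 10 here never meets VLAN 10 on the other switch
interface GigabitEthernet1/0/1
 no switchport
 ip address 10.0.2.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.0.2.1
!
! === ASA 5555 (ASA 9.x syntax), constructed addresses ===
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.252
interface GigabitEthernet0/2
 nameif siteb
 security-level 50
 ip address 10.0.2.1 255.255.255.252
! One static route per SVI network; the next hop is each switch's routed
! link. The ASA forwards on IP prefixes only and never sees a VLAN ID.
route inside 10.10.0.0 255.255.0.0 10.0.1.2 1
route siteb  10.20.0.0 255.255.0.0 10.0.2.2 1
! The NMS host lives on the inside switch's network
object network NMS
 host 10.10.10.50
! Inbound on inside: only the NMS may poll (SNMP) or scan site B;
! any other host trying to reach site B is dropped and logged
access-list INSIDE_IN extended permit udp object NMS 10.20.0.0 255.255.0.0 eq snmp
access-list INSIDE_IN extended permit tcp object NMS 10.20.0.0 255.255.0.0
access-list INSIDE_IN extended permit icmp object NMS 10.20.0.0 255.255.0.0
access-list INSIDE_IN extended deny ip any 10.20.0.0 255.255.0.0 log
access-list INSIDE_IN extended permit ip 10.10.0.0 255.255.0.0 any
access-group INSIDE_IN in interface inside
! Inbound on siteb (lower security level): only SNMP traps back to the NMS.
! Replies to the NMS's own polls and scans are already allowed by the
! stateful inspection, so nothing else needs to be opened here.
access-list SITEB_IN extended permit udp 10.20.0.0 255.255.0.0 object NMS eq snmptrap
access-list SITEB_IN extended deny ip any any log
access-group SITEB_IN in interface siteb
```

The `deny ... log` lines are where a host on either side trying to cross without being the NMS will show up, which is the quickest way to confirm the two VLAN databases are not bleeding into each other.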
I pretty much had already set things up this way; it turns out there was a software config issue with repositories not being configured for particular subnets, after deep diving into everything. Thanks!