Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1327
Views
0
Helpful
3
Replies

ASA 5555

Go to solution
DerekLazarus78183
Level 1
Level 1

‎09-23-2021 12:03 PM

So I have a ASA 5555, coming off it I have a L3 Switch. This switch has its own set of VLANs that I would like to keep seperate from another vlan database on another L3 switch hanging off it as well that houses a seperate network. I would like to be able to monitor the network from one side to the other with NMS software and scans etc. Should I have a router on a stick configuration for the interfaces to allow the vlans to communicate with the inside network for SNMP and other software and how will this interfere with VLANs that may have the same id, wouldn't those machines essentially be able to talk when that is not the intended behavior. I was going for being able to monitor each network but essentially routing to another network allowing each to have their own vlan database without them bleeding into each other.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-23-2021 12:19 PM

@DerekLazarus78183 

So you have L3 switch > ASA > L3 switch?

 

If each L3 switch has an SVI for the local networks, configure a routed link between the switch and the ASA. Define static routes on the ASA to each network, via the next hop, the ASA won't know about the VLAN IDs. You'll obviously have to permit traffic via an ACL inbound on the ASAs interface.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎09-23-2021 12:19 PM

@DerekLazarus78183 

So you have L3 switch > ASA > L3 switch?

 

If each L3 switch has an SVI for the local networks, configure a routed link between the switch and the ASA. Define static routes on the ASA to each network, via the next hop, the ASA won't know about the VLAN IDs. You'll obviously have to permit traffic via an ACL inbound on the ASAs interface.

0 Helpful

Go to solution
DerekLazarus78183
Level 1
Level 1
In response to Rob Ingram

‎09-23-2021 01:25 PM

Yes
0 Helpful

Go to solution
DerekLazarus78183
Level 1
Level 1
In response to Rob Ingram

‎09-24-2021 07:39 AM

I pretty much had already set things up this way turns out there was a software config issue with repositories not being configured for particular subnets after deep diving into everything. Thanks !

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card