
ASA and router on the stick

The_guroo_2
Explorer

Gents, we have a router which is connected to the internet, and on the LAN side it is connected to a Cisco 3750 stack. We have two VLANs running and the router is configured as router on the stick.

There is a Steelhead between the router and switch as well (inline). We have a requirement to add a firewall between the switch and router; the firewall we have is a 5520. Keeping in mind the router has only one link connected to the switch, I am wondering what would be the best design? Transparent firewall?

Can someone please guide me on what to do? I just need some steps.

1 REPLY

Akshay Rastogi
Cisco Employee

Hi,

Transparent firewall indeed looks a better option in this scenario. You could create sub-interfaces on the ASA for your concerned VLANs and assign them to 1 BVI per subnet (or per VLAN subnet, you could say).

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_complete_transparent.html

Do not forget to allow traffic with an access-list on the ingress and egress interfaces.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.
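
A sketch of the layout described in the reply above, added here as an example and not taken from the original posts or from Cisco's guide: a transparent-mode ASA with one bridge group (BVI) per VLAN and an ACL on each side. The VLAN IDs (10, 20), interface names, ACL names, subnets and host addresses are all constructed assumptions.

```cisco
! Added example; VLAN IDs, names and addresses are constructed assumptions
firewall transparent
!
! Router-facing trunk (toward the router-on-a-stick subinterfaces)
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/0.10
 vlan 10
 nameif outside_v10
 bridge-group 1
 security-level 0
interface GigabitEthernet0/0.20
 vlan 20
 nameif outside_v20
 bridge-group 2
 security-level 0
!
! Switch-facing trunk (toward the 3750 stack)
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside_v10
 bridge-group 1
 security-level 100
interface GigabitEthernet0/1.20
 vlan 20
 nameif inside_v20
 bridge-group 2
 security-level 100
!
! One BVI per VLAN subnet; address must be a free host in that subnet
interface BVI1
 ip address 192.168.10.5 255.255.255.0
interface BVI2
 ip address 192.168.20.5 255.255.255.0
!
! Ingress from the switch side
access-list IN_V10 extended permit ip 192.168.10.0 255.255.255.0 any
access-list IN_V20 extended permit ip 192.168.20.0 255.255.255.0 any
! Ingress from router side: only what must be reachable unsolicited
access-list OUT_V10 extended permit tcp any host 192.168.10.50 eq 443
access-list OUT_V20 extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.60 eq 22
!
access-group IN_V10 in interface inside_v10
access-group IN_V20 in interface inside_v20
access-group OUT_V10 in interface outside_v10
access-group OUT_V20 in interface outside_v20
```

With router on a stick, traffic routed between the two VLANs crosses the ASA twice, once in each bridge group, so it has to be permitted on the inside ACL of the source VLAN and on the outside ACL of the destination VLAN.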
