Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
0
Helpful
1
Replies

ASA external connections on a 3650 Vlan

englishpablo
Level 1
Level 1

‎01-06-2011 05:51 AM - edited ‎02-21-2020 04:12 AM

I have just purchased 2 x 3650 cisco switches which will sit alongside the 2 x ASA 5510's i have installed.

Ok issue is i only have a single inbound internet connection and as I am implementing  VLAN's on the switches have created one for the external connection and the 2 extermal ASA interfaces.  WHat i need to do is restrict traffic to this vlan to make sure no traffic is being allowed through it i.e. bypassing the firewall rules.

Also I have created a separate VLAN for the HA failover connections, so want these 2 to talk to each other but no other traffic obviously.

Advice anyone?

0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎01-09-2011 05:14 PM

For your external/internet VLAN, I would suggest that you only configure L2 interface (VLAN) but not L3 (interface VLAN with ip address) so that connectivity will always go through the ASA firewall. ASA will have default gateway pointing towards the router interface ip address, and the switch should not have any ip address assigned to the external/internet VLAN.

Same goes to the failover VLAN. Only configure L2 interface for the failover VLAN, and configure the ASA failover interface with a /30 subnet as you only require 2 ip addresses in that subnet (one for the primary ASA and the other for the secondary ASA). The failover interface is for failover only traffic and no other traffic can pass through this subnet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card