If you have two subnets you

The_guroo_2 · ‎03-16-2016

Gents

The current setup is that he have a WAN router which connects the network to corporate network via IPMAN (which is router on the stick) two sub interfaces which connects to a switch stack. recently we have to add a security so we have to introduce a ASA between the router and the switch. I guess the best way is to do the transparent as we have lot of servers in the environment and third party manages it so to make it simple i guess we can use the ASA 5510 as transparent (less impact and easy)

now on router we have (just for example) G0.0 192.168.1.1 and G.01 192.168.2.1

i am totally confused how many BVI's we need and what would be the physical connectivity like (do i have to make subinterfaces as well on firewall)

how many vlans i have to configure and how many BVI's

Marius Gunnerud · ‎03-17-2016

If you have two subnets you need to connect through the ASA then you must configure subinterfaces on the ASA. This is because you will require 4 VLANs and the ASA only supports VLANs on its subinterface. Of those 4 VLANs two will go to 192.168.1.0/24 network (one vlan for inside on vlan for outside) and two VLANs will go to 192.168.2.0/24 network.

You will also only require two BVIs. Keep in mind that BVIs don't scale very well as the ASA only supports 8 BVIs, meaning you will only be able to pass 8 subnets through the ASA.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

ASA transparent mode issue