10-27-2022 01:46 AM
Hello,
I have a layer 3 switch (Cisco Catalyst 3650) with multiple VLANs configured on it, and this switch is connected to the inside interface of the ASA.
My goal is to make all VLANs go through the firewall, so that the ASA routes between the VLANs instead of the layer 3 switch.
The inside interface of the firewall can access only one VLAN (the default). I don't want to create subinterfaces on the ASA.
I want to keep all VLANs on the switch and just route traffic on the ASA for Internet access and create policies for traffic between the VLANs.
If I create static routes between the switch and the ASA (and back) and create the policies between the subnets (VLANs) on the ASA, can this topology work?
10-27-2022 05:42 AM
Configure PBR on each VLAN SVI with the FW as the next hop.
Configure a static route in the FW for each VLAN subnet toward the L3SW.
Note: it is better to use a transit VLAN between the L3SW and the FW; this VLAN should not include any host.
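The three steps above (PBR on each SVI toward the firewall, a static route on the firewall back to the switch for each VLAN, and a host-free transit VLAN), as an added configuration example that is not from the thread; VLAN numbers, addresses, interface names and the sample policy are constructed for illustration, and NAT for Internet access is assumed to be configured separately.

```cisco
! --- Catalyst 3650 (L3SW) --- constructed addressing
! Transit VLAN: only the switch and the ASA live here, no hosts
interface Vlan1
 ip address 10.0.0.2 255.255.255.252
!
! Match every packet sourced in a user VLAN so PBR hands it to the ASA
! instead of the switch routing it locally between SVIs
ip access-list extended PBR-TO-ASA
 permit ip 10.10.0.0 0.0.255.255 any
!
route-map TO-ASA permit 10
 match ip address PBR-TO-ASA
 set ip next-hop 10.0.0.1
!
! One SVI per user VLAN; PBR is applied only here, not on the transit SVI,
! so traffic returning from the ASA is delivered locally into the VLAN
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map TO-ASA
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip policy route-map TO-ASA
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! --- ASA --- inside interface sits on the transit VLAN
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.252
!
! Return route for each user VLAN toward the L3SW
route inside 10.10.10.0 255.255.255.0 10.0.0.2
route inside 10.10.20.0 255.255.255.0 10.0.0.2
!
! Inter-VLAN flows enter and leave the same interface (hairpin);
! the ASA drops those by default unless this is enabled
same-security-traffic permit intra-interface
!
! Sample policy: VLAN10 may reach VLAN20 only on TCP/443, everything
! else between the two VLANs is denied, Internet-bound traffic is allowed
access-list INSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0 eq 443
access-list INSIDE_IN extended deny ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.10.0.0 255.255.0.0 any
access-group INSIDE_IN in interface inside
```

To confirm the path, `show route-map TO-ASA` on the switch should show the policy-matched packet counters increasing, and `show conn` on the ASA should list the inter-VLAN connections.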
10-27-2022 05:51 AM
Thanks, I think so too; the transit VLAN is the default VLAN of the switch. The question is whether this topology will work.
10-28-2022 03:43 AM
I don't see anything that would make it not work.
Try it with a VLAN and check.