Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
3
Replies

ASA with VLAN-s behind inside interface

tibi01
Level 1
Level 1

‎10-27-2022 01:46 AM

Hello,

I have a layer 3 switch (Cisco Catalyst 3650) with multiple vlans configured on it, and connect to this switch to inside interface of ASA.
My goal is make all vlans can go through firewall and asa route beetween VLAN-s not Layer3 switch.
Inside interface of firewall can access only one vlan (default). I don't want to create subinterfaces on asa.
I want to keep all vlans on switch and just route traffic on asa for Internet access and create policies for traffic beetween vlan-s.
If I create static routes beetween switch and asa and back and create the policies beetween subnets (vlans) on asa is this topology can work?

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎10-27-2022 05:42 AM

config PBR in each VLAN SVI next-hop is FW 
config static route in FW for each VLAN subnet toward the L3SW 

note:- it better to use transit VLAN between L3SW and FW, this VLAN not include any host.

0 Helpful

tibi01
Level 1
Level 1
In response to MHM Cisco World

‎10-27-2022 05:51 AM

thanks, i think so, the transit vlan is the default vlan of the switch. The question is that this topology is working?

0 Helpful

MHM Cisco World
VIP
VIP
In response to tibi01

‎10-28-2022 03:43 AM

I dont see anything make it not work. 
try with VLAN and check.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card