Dear sir,

Thanks for reply and i have 3 servers connected to switch and i want to communicate that servers through the firewall asa5505

plz tell me how can i config the firewall.

srini

how many internal physical interfaces on ur firewall u can use?

Dear sir,

i have 7 ethernet ports and we can use

srini

what you need to do is:

creat three vlans on your swtich and dont creat any vlan interface on the switch to avoid any vlan routing

lets say u created vlan 10, 20 , 30

put each server in a vlan

interface fa0/1

switchport access vlan 10

the same for each server

also reserve a firewall interface for each vlan and make the IP addressing of each server and firewall interface within the same vlan in the same ip addresing range

and make each interface in a corsponding vlan in the switch

let say inteface fa0/2 will be connected to the firewall so make it on vlan 10

and the same for each vlan and server

SERVER1--vlan10--switch--vlan10--firewall interface 1

server2--vlan20--switch--vlan20--firewall interface 2

and so one

in this case each server will communicate with firewall interface that its on the same vlan

lets say server 1 ip address is 10.1.1.5 and as we said server in vlan 10

now lets say in the firewall interface hat connected to the switch interface in vlan 10 is fa0/1

so give this firewall interface ip address as 10.1.1.1

now the default gateway for server 1 will be 10.1.1.1 which is the firewall interface that reside in the same vlan

and the same for all servers and their vlans

the communications between servers will be through the firewall

dont forget if u give each interface deffrent security level make the right ACL to allow comunication between them

the config will be only firewall ACLs and apply it in the right direction

do it if anything stoped let me know

good luck

please Rate if helpful

for more help

let say this is the fire wall interface connected to the switch port that is in vlan 10

interface fa0/1

nameif inside1

security-level 55

no shut

ip address 10.1.1.1

server ip address 10.1.1.5 default gateway 10.1.1.1

lets say server one in vlan 20 has ip address 20.1.1.1

and its defaultgate way the ip address of the firewall interface that connect to the switch port in vlan 20

lets say 20.1.1.10

so if you want server1 communicat with server2

make acl

access-list 100 permit ip host 10.1.1.5 host 20.1.1.1

access-group 100 in interface inside1

and so on ...

Dear sir,

Thanks for ur great on time support and iam very greatfull to u.

I tried ur config its working fine,

Thanks for netfourms and great support from u.

Thanks&Regards

srini

i am so happy its work

and u welcome :)