ASA5506 connection with xconnect interface - L2TPv3

capluz · ‎08-22-2017

Hi All,
Previously we have a Cisco 892FSP connected to our LAN switch (C2960) which configured with xconnect interface and connected directly to our LAN switch. We have site office that is established with l2tpv3 tunnel. Now we added a new firewall (ASA5506) between 892FSP and our LAN switch. Here are the things that I am not sure:

1. In ASA5506, how to configure the vlan for inside and outside interface? The firewall running in transparent mode but the vlan has no IP Address as our client not willing to share the information. What IP address should i configured for BVI interface? Is it possible to be done without the VLAN IP address?
2. 892FSP router interface that will be connected to ASA5506 is configured with xconnect, how do I integrate between these two as xconnect interface has no ip address configured.

Here I attached the network design for reference. Appreciate if you guys could give some ideas. Thank you

sbhadrav@cisco.com · ‎05-17-2018

If this is the case, and you're running the ASA in transparent--not routed--mode, it would seem you'd assign an IP address from the existing subnet to the BVI interface. As I understand it though, a BVI IP is only required for managing the ASA (see question at supportforums.cisco.com/t5/firewalling/asa-transparent-bridging-and-bvi/

You might also find www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/ helpful, but this is specifically for IOS 12 and I didn't see either what IOS the routers are running, or the version of ASA you're configuring so you might have to do a little more digging.

Florin Barhala · ‎05-17-2018

As mentioned BVI IP address is used for management.
Since ASA is/should run on transparent mode just make sure you configure BVI IP from the same subnet as the management vlan of that 2960 switch.