12-13-2016 01:36 PM - edited 03-12-2019 01:39 AM
The old ASA 5505 had a built-in switch, but that's not the case with the 5506-X. I'm wanting to stick a firewall and single VMware server at a data center for some DR failover needs. I think if I only connect one NIC of the VMware server this should work, but if I need more than one NIC (like the iDRAC), then I'm either going to need a small switch, or I'll have to put the iDRAC on a different VLAN. Should this work (putting the iDRAC on a different VLAN), or am I going to need a switch to make this work?
12-13-2016 01:54 PM
Hi,
You will likely need to place the DRAC interface onto a dedicated interface, as this is delivered directly from the server chassis, and is not part of the VMware hypervisor delivery.
In this instance, I would suggest that you purchase a small switch for this that is 802.1q aware.
The Cisco Small Business (SG) range of switches would suffice.
12-13-2016 02:41 PM
Dennis has a point. The ASA 5506 does have 8 x 1 Gigabit Ethernet (GE).
Cisco ASA 5506 (Data Sheet)
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
With this in mind, you will be able to proceed without purchasing an additional switch, and deliver the solution you intend with the hardware you already have.
12-13-2016 02:53 PM
The new software that gives the 5506 a switching mode is not yet available. At the moment all interfaces are routed interfaces and there are no vlan-interfaces as on the 5505.
12-13-2016 02:01 PM
As always, it depends.
But these 5506 have multiple GE ports (8 off the top of my head),
so for instance, if you needed 2 devices in your internal or DMZ (VMware and iDRAC),
you could plug these 2 into the 5506 and assign them to VLAN 100, for instance; the interface VLAN 100 on that same ASA could be your named inside or DMZ interface, and all security would be applied to that VLAN interface, not the physical interface.
So I would think you don't need an additional switch.
Cheers
12-13-2016 02:13 PM
Another way to solve the problem: If this is a really limited scenario, you could configure the ASA as a transparent firewall. There you can have all interfaces in one IP subnet but still have full control over the communication between all interfaces.