Cisco ASA Firewall 5510

ray_stone
Level 1

Hello Experts,

As you are aware, we can create VLANs on the ASA 5505 firewall and assign multiple interfaces of the firewall to the VLAN. My question here is for the Cisco ASA model 5510, wherein we can't create VLANs but we can create sub-interfaces, assign the VLAN ID and make the interface on which the sub-interface is created a trunking port, so that multiple VLANs' traffic can be moved; that is understood. But if we talk about two switches being used for redundancy purposes, then how would the connectivity be between the firewall and the two switches? Can somebody please help with this, as I'm designing a network here? Thanks.

Sent from Cisco Technical Support iPhone App

1 Reply

Jouni Forss
VIP Alumni

Hi,

As you noticed, the ASA5505 is completely different when configuring VLAN-related configurations, mainly because, unlike the other models, it contains a built-in switch module. Other ASA models have normal L3 ports only, which can be configured as trunks.

To me it seems you have a couple of options, of which only one seems likely:

  • Port-channel / Etherchannel
    • Software 8.4(1) requirement
    • To be able to connect to 2 different switches, the switches have to use either vPC or be a VSS pair. A simple switch stack won't do. This, to my understanding, would cause an outage if either of the switches rebooted.
  • Redundant interface
    • Configure pair of physical ports to belong to a logical Redundant interface
    • Configure this Redundant interface with Trunking just like any physical ASA interface
    • Only one of the physical interfaces would be used at one given time. When the active one fails the second will take over therefore utilizing the link to the other switch.

Judging by your ASA model, I would presume you are not using any devices as switches that would support the first setup with Port-channel. Then again, my knowledge of switch models and what they support is very, very limited, so I might be wrong here also.

So to implement the redundant interface configuration, you could use this as an example:

interface Redundant1
 member-interface FastEthernet0/1
 member-interface FastEthernet0/2
!
! security-level lines: a subinterface with no explicit security-level
! defaults to 0 (only the nameif "inside" gets 100), so traffic between
! these zones would be blocked; the values here are example values, set
! them per zone.
interface Redundant1.100
 description LAN
 vlan 100
 nameif LAN
 security-level 100
 ip address 10.10.100.1 255.255.255.0 standby 10.10.100.2
!
interface Redundant1.200
 description DMZ
 vlan 200
 nameif DMZ
 security-level 50
 ip address 10.10.200.1 255.255.255.0 standby 10.10.200.2
!
interface Redundant1.300
 description WIRELESS
 vlan 300
 nameif WLAN
 security-level 50
 ip address 10.10.30.1 255.255.255.0 standby 10.10.30.2

Here is a link to the Cisco ASA Configuration Guide for software level 8.2, with more information about the use of Redundant interfaces:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html#wp1062296

Hope this helps.

Please do remember to mark the reply as the correct answer if it answered your question.

Ask more if needed.

- Jouni
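
An added example, not part of the thread or of Cisco's own tooling: a small Python checker for the redundant-interface style of configuration shown in the reply. It assumes the config is plain text in the form above (an "interface" line followed by indented lines) and flags the mistakes that commonly break failover or trunking: a Redundant interface with other than two members, a member that still carries its own nameif, a duplicated VLAN tag, a subinterface missing nameif, security-level or ip, or a standby address outside the active address's subnet.

```python
import ipaddress

# Constructed sample in the reply's style, with a security-level added to the subinterface
SAMPLE_CONFIG = """\
interface Redundant1
 member-interface FastEthernet0/1
 member-interface FastEthernet0/2
interface Redundant1.100
 vlan 100
 nameif LAN
 security-level 100
 ip address 10.10.100.1 255.255.255.0 standby 10.10.100.2
"""

def parse_interfaces(text):
    """Map each 'interface X' stanza to {keyword: [arg lists]} built from its indented lines."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], {})
        elif current is not None and line.startswith(" "):
            key, *args = line.split()
            current.setdefault(key, []).append(args)
    return stanzas

def check_redundant(text):
    """Return problem strings; an empty list means the redundant/subinterface setup looks sane."""
    stanzas, problems, vlans = parse_interfaces(text), [], {}
    for name, cfg in stanzas.items():
        if "." in name:  # subinterface: needs a unique VLAN tag and a full L3 identity
            vlan = cfg.get("vlan", [[None]])[0][0]
            if vlan is not None and vlans.setdefault(vlan, name) != name:
                problems.append(f"{name}: vlan {vlan} already used on {vlans[vlan]}")
            for required in ("vlan", "nameif", "security-level", "ip"):
                if required not in cfg:
                    problems.append(f"{name}: missing {required}")
            if "ip" in cfg:  # the standby address must sit in the active address's subnet
                _, active, mask, *rest = cfg["ip"][0]
                net = ipaddress.IPv4Network(f"{active}/{mask}", strict=False)
                if rest[:1] == ["standby"] and ipaddress.IPv4Address(rest[1]) not in net:
                    problems.append(f"{name}: standby {rest[1]} outside {net}")
        elif name.lower().startswith("redundant"):  # logical pair: exactly two bare members
            members = cfg.get("member-interface", [])
            if len(members) != 2:
                problems.append(f"{name}: needs 2 member interfaces, has {len(members)}")
            for (member,) in members:
                if "nameif" in stanzas.get(member, {}):
                    problems.append(f"{name}: member {member} still has its own nameif")
    return problems
```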
