03-29-2013 07:41 AM - edited 03-11-2019 06:21 PM
I am trying to connect 2 VMWARE servers directly to my 5515-X firewall.
And this is the configuration I am looking for:
Gi0/0 - outside (already configured and working)
Gi0/1 - inside (already configured and working)
Gi0/2 - trunk with VLAN 1 + 2 + 3 + 4 + 5 for VMWARE server1
Gi0/3 - trunk with VLAN 1 + 2 + 3 + 4 + 5 for VMWARE server2
Gi0/4 not used
Gi0/5 not used
ASDM will not let me assign the same VLAN to both Gi0/2 and Gi0/3. I don't want to connect my VMWARE servers to a switch first (that just adds one more component that can fail).
I really hope this simple configuration is possible.
Thanks in advance
Carsten
03-29-2013 07:45 AM
I think you are stuck introducing a switch, sorry.
-- Jim Leinweber, WI State Lab of Hygiene
03-29-2013 07:46 AM
Hi,
I think this was only possible in the ASA5505 model which has the built in switch module.
I wonder if configuring a Gigabit Etherchannel using the Gi0/2 and Gi0/3 would be possible? I am not that familiar with the server side.
I think the basic configuration format on the ASA side would be:

interface GigabitEthernet0/2
 channel-group 1 mode active
interface GigabitEthernet0/3
 channel-group 1 mode active
interface Port-Channel1
interface Port-Channel1.10
 description Vlan 10
 vlan 10
 nameif vlan10
 security-level 100
 ip add 10.10.10.1 255.255.255.0
interface Port-Channel1.20
 description Vlan 20
 vlan 20
 nameif vlan20
 security-level 100
 ip add 10.10.20.1 255.255.255.0

- Jouni
03-29-2013 08:28 AM
Doesn't an etherchannel require a single device on the other side, e.g. that pesky switch again?
I don't think you can make an ethernet channel with two participants going to two separate unrelated devices. Even with LACP for the bundle negotiations (e.g. "channel-group N mode active") the most separation you can get is two different member switches in a single unified stackwise group.
Also, you'd need recent ASA firmware, like 9.0(2), as 8.6 on the ASA didn't have etherchannel.
I've been keeping the ASA etherchannel ploy in mind for my pending 5525-X upgrade, as depending on traffic levels, I might want it on what is currently an ordinary singleton trunk port interface (replacing a 5520 running 8.2 firmware). I'll have to add this item to my test lab R&D queue.
-- Jim Leinweber, WI State Lab of Hygiene
03-29-2013 08:33 AM
I have updated to the latest ASDM and firmware, so I do have etherchannel, but I am unsure if that will work ... and I might add one more VMWARE server later.
09-24-2017 07:10 AM
Hi everyone!
I'm going to purchase a Cisco ASA 5506-X-K9 Sec Plus device. I have plans to build the following schema:
As you can see, here are two VMware ESXi servers connected to the ASA5506-X firewall. The vSwitch of each server has two VLANs (vlan3 - inside area, vlan4 - DMZ). So I want to configure VLAN trunks between the ASA and VMware. I need VLAN trunks to save more ports of my VMware server for other needs (SAN, redundancy links, additional server interlinks, etc.).
Can anybody tell me whether this is possible on the Cisco ASA5506-X?
09-24-2017 08:20 AM
The ASA supports 802.1q trunks and can be configured with the subinterfaces necessary to act as a gateway for the respective subnets.
That's slightly different than the VLAN (layer 2) support you asked about but I believe it satisfies the requirement as I understand it.
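
The restriction the original poster ran into (ASDM refusing the same VLAN on both Gi0/2 and Gi0/3) can be checked in a saved configuration before it is applied. The Python script below is an added example, not part of the thread and not a Cisco tool; the sample configuration, its interface names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the layout the original poster wanted, written as
# subinterfaces. Names and addresses are made up for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2.2
 vlan 2
 nameif vm1-vlan2
 ip address 10.0.2.1 255.255.255.0
interface GigabitEthernet0/2.3
 vlan 3
 nameif vm1-vlan3
 ip address 10.0.3.1 255.255.255.0
interface GigabitEthernet0/3.2
 vlan 2
 nameif vm2-vlan2
 ip address 10.0.12.1 255.255.255.0
"""

IFACE_RE = re.compile(r"^\s*interface\s+(\S+)", re.IGNORECASE)
VLAN_RE = re.compile(r"^\s*vlan\s+(\d+)\s*$", re.IGNORECASE)


def vlan_assignments(config):
    """Map each VLAN ID to the interfaces whose stanza has a 'vlan <id>' line."""
    vlans = defaultdict(list)
    current = None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:                      # a new interface stanza starts here
            current = m.group(1)
            continue
        m = VLAN_RE.match(line)    # indentation is optional (pasted configs lose it)
        if m and current:
            vlans[int(m.group(1))].append(current)
    return dict(vlans)


def duplicate_vlans(config):
    """Return {vlan_id: [interfaces]} for every VLAN ID used more than once."""
    return {v: ifs for v, ifs in vlan_assignments(config).items() if len(ifs) > 1}


if __name__ == "__main__":
    for vlan, ifaces in sorted(duplicate_vlans(SAMPLE_CONFIG).items()):
        print(f"VLAN {vlan} is assigned to: {', '.join(ifaces)}")
```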