Solved: Seems that correct way

mahesh18 · ‎08-16-2015

Hi everyone,

I have two networks one for LAN users other for WIFI users.

Network 1

ASA1 users are connected and getting IP in subnet 10.0.0./24

vlan 1 10.0.0.0/24

Network 2

AP----10.31.2.37/24----Switch--Layer2-------trunk vlan 2 and 3-----------------------ASA2-----

|

WLC 10.31.2.35/24

Where AP,switch and WLC have their gateway to ASA2 IP 10.31.2.33

where vlan 2 is management vlan in Network 2.

Vlan 2 10.31.2.33/24

I want that users PC connected to ASA1 on IP 10.0.0.0/24 should be able to access WLC and AP on 10.31.2.0/24 subnet?

Should i create vlan 2 on ASA1 and directly connect two interfaces of ASA1 and ASA2?

If i connect ASA1 to switch then traffic from user PC flows like this

PC-----ASA1-------Switch----AP-----

Return traffic from AP goes to switch then to -----> ASA2 and traffic is dropped by ASA2 as it has not seen inital syn.

Regards

Mahesh

Richard Bradfield · ‎08-16-2015

Obviously there is a reason for the 2 ASAs, so I would have link between the 2 ASAs with a /30

address, then use static routes on the ASAs

so say new link on ASA1 have Ip address of 10.255.255.1/30

and ASA2 have ip address of 10.255.255.2/30

then static route on ASA1: route 10.31.2.0/24 10.255.255.2

and on ASA2 route 10.0.0.0/24 10.255.255.1

HTH

Richard Bradfield · ‎08-16-2015