
How to configure ASA firewall and Cisco switch 3560 to deliver below project

Hi,

Please, I have an issue with a small project I am handling in my office...

I want to set up a NOC for our customers, about four of them, on a separate network from the existing office network.

I have a 5506-X ASA firewall with plus license and a 3560 switch for the setup.

I want to be able to have 4 VLANs, one for each customer.

I want to be able to do S2S VPN to each customer.

I want to be able to have internet on 4 PCs connected to the switch on each VLAN.

Please assist.

4 Replies

Dennis Mink
VIP Alumni
Sounds like your homework. What have you got so far and where are you getting stuck?
Please remember to rate useful posts, by clicking on the stars below.

Thank you for your quick response:

I have loaded the security plus license on the ASA 5506-X for me to be able to create more VLANs.

I have created four VLANs on the firewall and configured the outside interface that will be connected to the ISP.

The challenge now is how to propagate the VLANs to the switch and how to ensure there is internet connection whenever I connect a PC to the switch on the four VLANs.

Also, I want to be able to set up site-to-site VPN between my firewall and the customers' firewalls.

Thanks in advance.

Kindly find attached the sketch for what I want to achieve.

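Here is the basic config to start with:

Switch

! Trunk to the ASA: change Gi1/0/1 to the port that connects to the ASA
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Access port for a PC in VLAN 1
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 1
!
! Access port for a PC in VLAN 2 (a different port from the one above)
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 2

ASA

! Physical port that connects to the switch (replace X with the port number)
interface GigabitEthernet1/X
 no nameif
 no security-level
 no ip address
!
! One 802.1Q subinterface per VLAN; each is the gateway for its subnet.
! Note: VLAN 1 is the switch's default native VLAN and leaves the trunk
! untagged, while this subinterface expects frames tagged with VLAN 1.
interface GigabitEthernet1/X.1
 vlan 1
 nameif Inside_vlan1
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/X.2
 vlan 2
 nameif Inside_vlan2
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/X.3
 vlan 3
 nameif Inside_vlan3
 security-level 100
 ip address 192.168.3.1 255.255.255.0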

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
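
An added example, not part of the thread or of any poster's configuration: one way to give the VLANs from the reply above internet access through dynamic PAT on the ASA while keeping the customer VLANs isolated from one another. The interface name `outside`, the object names, and the `<ISP_GATEWAY_IP>` placeholder are assumptions; a fourth VLAN follows the same pattern.

```cisco
! ASA 9.x object NAT. Assumes the ISP-facing interface already has
! "nameif outside", security-level 0 and an IP address.
!
! Default route to the ISP (placeholder, replace with the real next hop)
route outside 0.0.0.0 0.0.0.0 <ISP_GATEWAY_IP>
!
! One network object per customer VLAN (object names are hypothetical).
! "dynamic interface" hides each subnet behind the outside interface IP.
object network NOC_VLAN1_NET
 subnet 192.168.1.0 255.255.255.0
 nat (Inside_vlan1,outside) dynamic interface
!
object network NOC_VLAN2_NET
 subnet 192.168.2.0 255.255.255.0
 nat (Inside_vlan2,outside) dynamic interface
!
object network NOC_VLAN3_NET
 subnet 192.168.3.0 255.255.255.0
 nat (Inside_vlan3,outside) dynamic interface
!
! All customer subinterfaces share security-level 100. The ASA blocks
! traffic between interfaces of the same security level unless
! "same-security-traffic permit inter-interface" is configured, so keep
! it disabled to stop one customer VLAN from reaching another.
no same-security-traffic permit inter-interface
!
! Verification from the ASA CLI after a PC in a VLAN browses out:
!   show nameif      (subinterfaces and their names)
!   show xlate       (PAT translations per inside interface)
!   show run same-security-traffic   (should return nothing)
```

Traffic from security-level 100 to the level 0 outside interface is allowed by default, so no access list is needed for outbound browsing. Once site-to-site tunnels are added, traffic destined for each customer's remote subnet must be excluded from this PAT rule.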
