
InterVlan ASA

mmarouan
Level 1

Hello everyone,

I am new to ASA. I want to set up an ASA 5525 on a local network in which there are VLANs (VLAN print, VLAN server, VLAN client, VLAN wifi, VLAN DMZ).
I want to know how I can configure it so that the print, server and client VLANs communicate with each other.
And the DMZ must be reachable publicly and internally by the server and client VLANs.

My architecture is:

For the internal VLANs (they share the same physical interface, as subinterfaces):
Vlan 2 server (172.16.1.0/24)
Vlan 3 desktop (172.16.2.0/24)
Vlan 4 printer (172.16.3.0/24)
Vlan 2,3,4 some security level

and
Vlan 5 DMZ (172.16.4.0/24)
The DMZ VLAN has its own physical interface. I have a web application server in the DMZ zone which must communicate with a server in VLAN 2 for MSSQL replication.

Thanks in advance.

1 Accepted Solution

Rahul Govindan
VIP Alumni

You should be able to set up 1 physical interface and break it into sub-interfaces for your internal networks. A good example of this is given here:

http://www.petenetlive.com/KB/Article/0001085

The DMZ can be a standalone interface as there is only 1 VLAN behind it.

Once they are broken up into sub-interfaces, each acts as its own interface with a security level, IP address, etc. You can create ACLs to allow traffic from lower security level interfaces to higher ones. Traffic from a higher to a lower security level should be allowed without the need to add ACLs.

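A configuration sketch of the layout discussed in this thread, added here as an example and not taken from the posts above or from the linked article. The interface numbers, `nameif` names, `.1` gateway addresses, the two host addresses, the ACL name and TCP port 1433 for MSSQL are assumptions; it also assumes the three internal VLANs are given the same security level, which is why `same-security-traffic permit inter-interface` appears.

```cisco
! Assumed: GigabitEthernet0/1 is the 802.1Q trunk to the internal switch
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.2
 vlan 2
 nameif server
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/1.3
 vlan 3
 nameif desktop
 security-level 100
 ip address 172.16.2.1 255.255.255.0
!
interface GigabitEthernet0/1.4
 vlan 4
 nameif printer
 security-level 100
 ip address 172.16.3.1 255.255.255.0
!
! Assumed: the DMZ uses its own physical port, with a lower security level
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.4.1 255.255.255.0
 no shutdown
!
! Interfaces with equal security levels do not pass traffic to each
! other by default; this enables server <-> desktop <-> printer.
same-security-traffic permit inter-interface
!
! Lower (dmz) to higher (server) needs an explicit permit.
! Only the DMZ web server (assumed 172.16.4.10) may reach the SQL
! server (assumed 172.16.1.10); everything else sourced from the DMZ
! is dropped by the implicit deny at the end of the ACL.
access-list DMZ_IN extended permit tcp host 172.16.4.10 host 172.16.1.10 eq 1433
access-group DMZ_IN in interface dmz
```

Connections from the server and desktop VLANs into the DMZ go from a higher to a lower security level and need no ACL in this sketch. Public access to the DMZ server requires an outside interface and NAT, which are not shown.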

2 Replies

Hello,

Thank you for the reply :)

Do you have a step-by-step doc (first setup and configuration of ASA) and Firepower?
