Multiple VLANs behind single firewall segment?
02-06-2012 12:23 PM - edited 03-11-2019 03:24 PM
Here is what I need to do. I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.
I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.
Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
Kind of like this?

VLAN 1 - hosts 1.1.1.5 and 1.1.1.6  ---|
VLAN 2 - hosts 1.1.1.7              ---|--- Firewall DMZ Interface - 1.1.1.1
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9  ---|
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.
So, 1) does this make sense? and 2) is it possible?
I'm working with an ASA 5510 running 8.2.4(4).
Thanks.
Jason
Labels: NGFW Firewalls
02-06-2012 12:42 PM
Hi there,
Please read the thread at the link below; a very similar implementation was done there.
https://supportforums.cisco.com/message/3546019#3546019
Thanks
Rizwan Rafeek
