Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
694
Views
0
Helpful
5
Replies

Need help with 5505 layout

Go to solution
Joe Lentine
Level 1
Level 1

‎10-07-2012 01:35 PM - edited ‎03-11-2019 05:05 PM

Hello All,

Need to re-design our network layout to accompany guest networks and some seperate vlans.  Currently we are 1 vlan connected directly from a 2950 to a 5505 asa.  I would like keep vlan 1 the same so I dont have to reconfigure all of our statics on the pc.. so basicly here is our setup

2950 --------------->asa5505 (192.168.1.1)

switch        vlan 1        

192.168.1.x /24 

what i would like to do is this

3560--------->asa5505

with vlans 1,2,3,4

but as far as the connectivity between the 3560 and the asa is where i get lost... since technically the 5505 is defined for layer 2, what is the best way to get from the 3560 to the asa.?

any help would be much appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harish Balakrishnan
Spotlight
Spotlight
In response to Joe Lentine

‎10-08-2012 03:06 AM

Hello Joe,

Since you have a Layer 3 switch, I would suggest to go ahead and configure all your user vlans on 3560 and a default route from 3560 towards ASA using another vlan access port as you said, then static route on ASA towards you internal Vlan pointing back to your switch.

If you do not want the internal Vlan to talk each other, you can use ACL or PBR to accomplish that..

regards

Harish.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Stuart Gall
Level 1
Level 1

‎10-07-2012 03:13 PM

Not sure I follow you.

You can configure a trunk from the switch to the Asa then do

interface Ethernet0/1

nameif inside

security-level 100

no ip address

interface Ethernet0/1.2

vlan 2

nameif Insidelan2

security-level 100

ip address 192.168.2.1 255.255.255.0

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Joe Lentine
Level 1
Level 1

‎10-07-2012 03:44 PM

Perhaps I can make this more clear.

What is the best way of getting to the Asa from the 3560.

Here are thoughts from my experience. And also my Asa dosent have trunking in this iOS.

1. Create a separate vlan between the Asa and 3560 to carry all vlan traffic to Asa.( which I believe I tested to work once).

2( I don't think this works but someone told me it would) is leave the Asa how it is (inside if 192.168.1.1 vlan 1. Then on 3560 set port connecting to Asa as routed port with 192.168.1.2/24 and route to Asa. But it dosent make sense to have the same subnet on both sides of a router??? Right?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Stuart Gall
Level 1
Level 1
In response to Joe Lentine

‎10-07-2012 03:56 PM

With a base license you can have two VLANS; more if you do not route them with

no forward interface vlan number

If you are routing why not just re-ip the link with the asa.

A router will get confused with two interfaces on different subsets with the same ip range.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Joe Lentine
Level 1
Level 1

‎10-07-2012 04:07 PM

That's what I was thinking...

So for instance. If I have all my internal vlans on the 3560 and then say for the sake of argument make vlan 80 from the 3560 to the Asa both regular access ports, everything should work fine as long as the Asa knows about the vlans on the 3560...

Does this sound right?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Harish Balakrishnan
Spotlight
Spotlight
In response to Joe Lentine

‎10-08-2012 03:06 AM

Hello Joe,

Since you have a Layer 3 switch, I would suggest to go ahead and configure all your user vlans on 3560 and a default route from 3560 towards ASA using another vlan access port as you said, then static route on ASA towards you internal Vlan pointing back to your switch.

If you do not want the internal Vlan to talk each other, you can use ACL or PBR to accomplish that..

regards

Harish.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card