Question regarding configuration of ASA 5512-X

johnk · ‎05-22-2013

I have a customer who needs a 5512-X set up with two ports on the "Outside" interface and act like a switch on the outside. This is very easy to do with the way the ASA 5505 works just by creating vlans and treating the ports as members of the vlan.

Can anyone tell me the easy way (I'm sure there is one) to do this?

Thanks in advance.

John

Jouni Forss · ‎05-22-2013

Hi,

I cant really think of a way to do this with a ASA that doesnt have a built in switch module. And the ASA5505 is really the only one at that.

First I was thinking of Redundant interfaces (where you connect 2 physical interfaces to a single logical interface) but in this setup the other physical interface is always Standby and not active.

I too have used the ASA5505 to do exactly what you are asking but I cant think of a way to do this on the other ASA models.

What is the setup you are trying achieve with this?

- Jouni

johnk · ‎05-22-2013

Hi Jouni,

I'm basically trying to avoid having to buy an outside switch. Trying to reduce moving parts and failure points (simpler is better).

I'd rather not set up another "interface" name and set to same security and allow all traffic due to the complications of NAT down the road, although I think technically it would work...

Thanks for your input.

Jouni Forss · ‎05-22-2013

Hmm,

I kinda wonder if using the ASA in Multiple Context mode with mixed Routed and Transparent Security Contexts would in some way enable to do what you are attempting to do? I think in the newer softwares you can actually create both transparent and routed contexts.

I have never tried this yet so I cant give you an answer at the moment.

But I cant think of anything else.

To me it seems that with Security Plus license on your model the ASA would support Security Contexts

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license_86.html#wp2161439

- Jouni