01-12-2013 02:39 PM - edited 03-11-2019 05:46 PM
Hi,
I have a customer, who has the SVI's configured on the Core (4500x) and this is connected to a ASA 5525x, there is a requirement of restricting traffic between different vlans. Please suggest on how can i use the ASA to accomplish this task.
ACLs on the Switch are not stateful and hence not considering this option, Also we are not planning to configure the GW's on the ASA since there is lot of traffic between the vlan's and this will become a bottleneck
Solved! Go to Solution.
01-12-2013 07:43 PM
If the SVIs stayed on the switch then the traffic will never be sent to the ASA .
-Kureli
01-12-2013 02:42 PM
I will be discussing this issue as well in my upcoming webcast, next Tue Jan 15th. You can configure a port on the ASA as a trunk port and configure sub-interface for each of the VLANS and firewall the traffic between them.
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules
Register today for this Cisco Support Community live webcast.
-Kureli
01-12-2013 02:54 PM
Thanks Kureli,
I will attend the webcast, but from my understanding for the above solution the default gateway for all the vlans has to be moved from the core switches to the ASA ?
01-12-2013 03:03 PM
Unfortunately, if you want the ASA to do all the filtering, you will need to move your VLAN Gateways to the ASA.
01-12-2013 07:43 PM
If the SVIs stayed on the switch then the traffic will never be sent to the ASA .
-Kureli
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: