Solved: Router on a stick with Firewall solution (inter-vlan routing)

t.singletary · ‎01-23-2017

I want to do a inter-vlan routing solution with a firewall in the solution. what would the topology look like? The Firewall will need to be able to do trunking right?

Router

Firewall

Switch

Network devices

Mohammed al Baqari · ‎01-23-2017

That's not a good design. Always place L2 device between Router and Firewall. In the future if you want to introduce a new redundant ASA, you will need to recable.

View solution in original post

Rahul Govindan · ‎01-23-2017

Sure, you can configure a firewall on a stick by breaking a single interface into sub-interfaces, each having its own VLAN. The original physical interface acts as a trunk without the need to specify any config. The sub-interfaces behave as completely different interfaces logically although they use the same physical interface. On the core switch, it will ideally be trunk port for the link towards the ASA carrying the vlans that need to be protected.

A good example is given here:

http://www.petenetlive.com/KB/Article/0001085

t.singletary · ‎01-23-2017

Can the FW connect directly to the Router and the Router to Switch Trunk for inter- Vlan routing ?

Making the LAN DG the Switch to force traffic thru the switch.

Francesco Molino · ‎01-23-2017

I don't get you. Make a quick sketch to see what you're thinking please.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

t.singletary · ‎01-23-2017

Can the router force all traffic to the FW ?

ISP

TO

Serial0/0

Router> Ethernet 0/0 To <FireWall

Ethernet 0/1

To

(Trunking)

Switch

To

VLAN 10, 20 ,30

Francesco Molino · ‎01-23-2017

Yes it will works. Sub interfaces will be created on ASA as explained before.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Mohammed al Baqari · ‎01-23-2017

That's not a good design. Always place L2 device between Router and Firewall. In the future if you want to introduce a new redundant ASA, you will need to recable.

LuvAggarwal61728 · ‎01-11-2020

how can you place a switch between router and firewall? how will the traffic flow from switch out to all the ports through the firewall? Firewall only has 1 or 2 ports to pass traffic.

Francesco Molino · ‎01-23-2017

Hi

You can do a trunk on the switch side and using sub interfaces on Cisco ASA (If it's Cisco). Others can do as well. This is for all ASA models except ASA 5505.

On ASA 5505, you can create trunk interface and using vlan interface (like a switch).

Thanks

PS: Please don't rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

venus.grc · ‎11-14-2021

Hi. Is it possible to have router on a stick + l2 switch + firewall on a stick as i need additional subnets to be routed over the firewall? Is that possible. 2 router on a stick on a network?