I am looking for suggestions on the best way to place an ASA firewall on a large multi-VLAN network in such a way that it would protect the "management VLAN" (where all of the Cisco switches and some servers are assigned IPs) from the other VLANs on the network infrastructure.
It seems to get pretty complicated when you really think about it. Every VLAN has an SVI on the primary core switch and all of the VLANs are automatically routed between one another right now--including the management VLAN.
To complicate matters, we have a foreign network (DMZ) that is terminated with an IP connected to the management VLAN with a routing rule in the primary core switch to route all DMZ-bound traffic to that particular IP. So, this VLAN is actively used for routing out traffic.
Anyone have any ideas on how I can do this and prevent my migraine from getting any worse?