
ASA interface

I have been given the task of moving our ASA into VLAN 995, changing the inside IP, and moving all L3 sub-interfaces to a single, trunked L2 port-channel. All future L3 interfaces will be housed upon this new L2 port-channel. I have never done this and would like to know how to make these changes.

Any help out there?

Re: ASA interface

Hello


@kjefferson1 wrote:

I have been given the task of moving our ASA into VLAN 995, change inside IP


I think I understand this first part -

Create an L3 VLAN 995 interface on the L3 switch, then assign two access ports to VLAN 995 in a port-channel and attach the two physical ASA ports GigabitEthernet0/1-2 to them.

On the ASA, you change the Port-channel1 IP address to the same subnet as the newly created VLAN 995:

interface Port-channel1
 description vPC to N3K-1 -> N3K-2 -->Inside
 port-channel load-balance vlan-src-dst-ip
 nameif inside
 security-level 100
 ! change the address on the next line to the new IP address in VLAN 995
 ip address 10.1.1.2 255.255.255.0
 dhcprelay information trusted
!
interface GigabitEthernet0/1
 description TO->N3K-1-vPC
 channel-group 1 mode active
!
interface GigabitEthernet0/2
 description TO->N3K-2-vPC
 channel-group 1 mode active


and Move all L3 sub-interfaces to a single, trunked L2 port-channel. All future L3 interfaces will be housed upon this new L2 port-channel. I have never done this and would like to know how to make these changes.

This I am not so sure about. Can you elaborate on what you are trying to do?



kind regards
Paul


Re: ASA interface

Thanks for the info. Here is a list of what I was trying to do:

 

  1. Layer 2 Networking
    1. Extend Vlan 997 and 998 from Nexus 3K to UCS B Series Fabric Interconnects- Done
    2. Add Vlan 997 and 998 to UCS LAN Cloud and add to blade Service Profile - Done
    3. Create new VMWare Port Groups for Vlan 997 and 998 and assign to Expressway Edge VM - Done
  2. Layer 3 Networking
    1. Virtual Port Channel (vPC) does not support routing, doing so can lead to loops
      1. Cisco Supported vPC Topologies
    2. Create new L3 Routing Vlan 995 on Nexus 3K pair - Done
    3. Complete new 1G/10Gb connection between Nexus 3K pair, assign as access port in Vlan 995 - Done
    4. Exempt Vlan 995 from Port-Channel1 (vPC Link) - Done
    5. Move ASA into Vlan 995, change inside ip [Best practice]
  3. ASA Networking
    1. Move all L3 sub-interfaces to a single, trunked L2 port-channel [Best practice] - Done
    2. All future L3 interfaces will be housed upon this new L2 port-channel [Best practice]
    3. Decommission existing DMZ port channel and physical interfaces
    4. Create new DMZ.997 and DMZ.998 for support of MRA Dual Interface design - Done
    5. NAT MRA Public IP’s to new MRA LAN2 IP’s - Done
      1. expedge1.mariani.com 69.110.160.149 > 10.1.254.11
      2. expedge2.mariani.com 69.110.160.150 > 10.1.254.12
    6. Update ACL on “outside” interface to permit MRA ports inbound to MRA LAN2 - Done
    7. Create new ACL’s for DMZ.997 and DMZ.998 to permit Expressway Edge communications - Done
  4. Expressway Edge
    1. Apply advanced networking license - Done
    2. Add second interface and IP - Done
    3. Update internal forward and reverse DNS to reflect new LAN1 IP - Done
      1. expedge1.mariani.com 10.1.253.11
      2. expedge1.mariani.com 10.1.253.12
    4. Ensure ATT is routing 110.160.149 and 69.110.160.150 to ASA at 104.0.222.10

 

  5. Expressway Core
    1. Update Traversal Zone to include both Edge appliances - Done
  6. Other Items
    1. Add Reverse DNS for mpc-expc-01.mariani.mariani.com1.11.26 - Done
    2. Upgrade all Expressway appliances from X8.8.2 to 8.10.4  - Done
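
A sketch of the ASA side of items 3.1 and 3.4 in the list above (VLAN sub-interfaces on one trunked port-channel), added here as an example and not taken from either poster's configuration. Port-channel2, the member ports, the nameif values, the security levels and the addresses (RFC 5737 documentation range) are all assumed placeholders.

```cisco
! Added example with placeholder values, not the posters' configuration.
! Member ports of the new trunk bundle (assumed Gi0/3-4). A port must not
! carry its own nameif when it is placed in a channel-group.
interface GigabitEthernet0/3
 description trunk member 1 (placeholder)
 channel-group 2 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 description trunk member 2 (placeholder)
 channel-group 2 mode active
 no nameif
 no security-level
 no ip address
!
! Parent port-channel: left without a nameif so that untagged frames
! arriving on the trunk are not passed; only tagged sub-interfaces carry traffic.
interface Port-channel2
 description L2 trunk for all L3 sub-interfaces (placeholder)
 no nameif
 no security-level
 no ip address
!
! One sub-interface per VLAN. Distinct security levels are used because
! traffic between equal-level interfaces is blocked unless
! "same-security-traffic permit inter-interface" is configured.
interface Port-channel2.997
 description Expressway Edge VLAN 997 (placeholder)
 vlan 997
 nameif dmz997
 security-level 50
 ip address 192.0.2.1 255.255.255.128
!
interface Port-channel2.998
 description Expressway Edge VLAN 998 (placeholder)
 vlan 998
 nameif dmz998
 security-level 40
 ip address 192.0.2.129 255.255.255.128
```

The switch ports facing this bundle need to be 802.1Q trunks, and limiting their allowed VLAN list to the VLANs that actually have a sub-interface on the ASA keeps other VLANs from reaching the firewall.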