04-21-2019 04:16 PM
Happy Easter Everyone,
I want to connect one of my interfaces to a layer 3 switch that has multiple networks. The switch is configured with Inter-Vlan Routing. Will I be able to route multiple networks on the one interface or does it just like 1 range of IP on the ASA interface? The ASA5505 that I have won't work with Router on a stick as it doesn't let me create sub interfaces... I do have a license for 8 different vlans.
Thanks in Advance.
04-21-2019 05:05 PM
Yes, you can just add static routes for the subnets behind the switch via the switch.
04-22-2019 01:15 PM
Have you thought about using your ASA 5505 in transparent mode in your design? Transparent mode turns the ASA into a layer 2 device or a bridge. This enables you to put the ASA between your router and layer 3 switch. See this link on how: https://community.cisco.com/t5/security-documents/asa-5505-8-4-transparent-mode-configuration-example/ta-p/3130678
04-22-2019 03:01 PM
The original post asks what seems to be a fairly simple question: "I want to connect one of my interfaces to a layer 3 switch that has multiple networks". And @Philip D'Ath provides a pretty simple answer that yes that can be done and static routes for the various subnets connected on the switch will provide connectivity. Given the additional statement in the original post that inter vlan routing is enabled on the switch I believe that the answer would work. It uses a single ASA interface, with an ASA SVI for the vlan on that interface to connect to an access port on the switch. The subnet configured for this connection provides transit connectivity between switch and ASA. The switch would route between its vlans and would route traffic for outside to the ASA. And the ASA would forward responses from outside to the switch.
But I suspect that the original poster was really trying to ask a different question. Especially the part where he mentions router on a stick and not being able to configure sub interfaces makes me think that the original poster is thinking of connecting the switch port as a trunk rather than as an access port. That is possible. See information in this link for details of how to configure it.
So connecting the switch to the ASA as a trunk can be done. But I would question why the original poster wants to do this? If it were a layer 2 switch then it would make good sense to connect a trunk to the ASA and use the ASA for inter vlan routing. But this switch is layer 3 and is doing inter vlan routing. So what is the reason to want to connect each vlan directly to the ASA?
HTH
Rick
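The single-interface design discussed in this thread (one ASA VLAN interface on a transit subnet, an access port toward the switch, and static routes for the subnets behind it), as an added configuration example that is not from any of the posters. All VLAN numbers, port names and addresses are constructed for illustration.

```cisco
! ---- ASA 5505 side (addresses and VLAN ids are constructed examples) ----
! SVI that carries the transit subnet between ASA and layer 3 switch
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.252
!
! Physical port toward the switch, plain access port (no trunk)
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! One static route per subnet that lives behind the switch,
! all pointing at the switch's address on the transit subnet
route inside 192.168.10.0 255.255.255.0 10.0.0.2 1
route inside 192.168.20.0 255.255.255.0 10.0.0.2 1
route inside 192.168.30.0 255.255.255.0 10.0.0.2 1
!
! ---- Layer 3 switch side (IOS syntax, constructed example) ----
! Inter-VLAN routing is already on per the original post
ip routing
!
! Transit VLAN used only for the link to the ASA
vlan 99
 name ASA-TRANSIT
!
interface Vlan99
 ip address 10.0.0.2 255.255.255.252
 no shutdown
!
! Access port cabled to the ASA's Ethernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 99
!
! Everything not local to the switch goes to the ASA
ip route 0.0.0.0 0.0.0.0 10.0.0.1
```

With this layout, traffic between the switch's own VLANs is routed on the switch and never crosses the ASA, so ASA access rules apply only to traffic using the transit link. NAT and access rules for the inside subnets are not shown.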