03-20-2015 12:16 PM - edited 03-05-2019 01:04 AM
I have an ASA that is supporting my guest internet access. It is supposed to be separated as much as possible. Right now, I have a VLAN (named 200) set up on my switches with no SVI, so traffic cannot escape that VLAN.
On my ASA, one interface is on this 200 VLAN as the default gateway for clients in that VLAN. This is the "inside" port of the ASA, and the other interface is the "outside" interface for my ISP. What I would like to do is add a third VLAN so that I can manage this device on my normal network (outside of the 200 VLAN). I know that with the base license I can only have two interfaces that can route to each other. I also know that there can be a third interface as long as you set up the "no forward interface" command, so that it can only communicate with one of the other two interfaces. What I would like is for this third VLAN to not have access to either of the other two interfaces. Is this possible?
I have tried to add two no forward interface commands, but that doesn't work. Any other ideas?
Thanks.
03-20-2015 12:34 PM
Patrick
Just use ACLs to not allow traffic from the other VLANs to that VLAN.
Or do you mean the actual interfaces on the ASA?
If so, no, you can't really stop that, but I can't see why you would need to?
Jon
03-20-2015 12:40 PM
I just want to make sure any traffic on the new interface (let's call it VLAN73) cannot get out to either of the other two interfaces (VLAN2 or VLAN200). Also, I want to make sure that traffic from the current interfaces (VLAN2 and VLAN200) cannot get to the new interface (VLAN73) under any circumstances.
So it is basically a separate interface that is used for management only.
03-20-2015 12:41 PM
Still not sure what the issue is.
When you say traffic, do you mean traffic from clients?
In which case just use ACLs?
Jon
03-21-2015 04:44 PM
If I understand you right, you are looking for the interface feature management-only.