
Asa to Router to Switch

Jah8887
Level 1

Hi all,

I am trying to connect my Asa5508-x to my Cisco 4331 router, which I would then like to connect to my Cisco SG550X-24MP switch, and I would like devices to be able to get out onto the internet. If I remember right (it's been a while), was it the BDI or BVI command that could allow 2 interfaces on the same subnet? As of now I have listed below what my end goal is.

 

Asa interface 3 10.0.0.1 /24 >Router gigeth0/0 10.0.0.2 /24 gigeth0/1 no ip >Switch 192.168.1.150 /24

Accepted Solutions

Hi

Just a question: is the router being used for other purposes? Because you could remove it and connect the ASA to the switch only.

Now if you are going to work with: ISP - ASA - Router- Switch, you must:

 

Configure on ASA

- NAT

- Default route pointing to the ISP

- Static routes pointing to the Router so it knows the internal networks

- ACLs

- Configure the public IP under the interface facing to the ISP and set up the nameif and security levels on the specific interfaces. For the OUTSIDE interface it should have a security level of zero, and 100 for the INTERNAL interface.

 

Configure on the Router

- Default route pointing to the Firewall

- Create the networks for the users 

- If you are going to use a router-on-a-stick scheme, create the sub-interfaces from the physical interface connected to the Switch.

 

Configure on the Switch

- Create the VLANs for the users

- Configure the interface connected to the Router as a trunk and allow the VLANs to pass over the trunk.

- Configure the switchports for the users. 

 

Configure on the computers

- Verify that the computers are configured on the proper VLAN with the proper IP/subnet mask and default gateway (it will be the IP of the sub-interface on the router)

- Verify DNS servers. 

 

Now I have a question: why would you require BVI in this scheme?

 

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<
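
A minimal configuration sketch of the checklist in the accepted answer, added here as an example and not posted by either participant. It uses the addresses from the question; VLAN 10, the 192.168.1.1 sub-interface address, the interface numbers and the angle-bracket placeholders are assumptions, and the switch section assumes the SG550X CLI syntax.

```cisco
! ---- ASA 5508-X (ASA 9.x syntax) ----
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address <PUBLIC_IP> <PUBLIC_MASK>
interface GigabitEthernet1/3
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
! Default route to the ISP (placeholder gateway)
route outside 0.0.0.0 0.0.0.0 <ISP_GATEWAY>
! Return route: without it the ASA has no path back to the user subnet
route inside 192.168.1.0 255.255.255.0 10.0.0.2
! Dynamic PAT for the user subnet that sits behind the router
object network USERS-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
! No ACL applied: by default inside (100) to outside (0) is permitted and
! unsolicited outside-to-inside is denied; add ACLs only to restrict further

! ---- ISR 4331 (IOS XE), router-on-a-stick ----
interface GigabitEthernet0/0/0
 ip address 10.0.0.2 255.255.255.0
 no shutdown
interface GigabitEthernet0/0/1
 no ip address
 no shutdown
interface GigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! ---- SG550X-24MP (assumed port numbering) ----
vlan database
 vlan 10
 exit
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk allowed vlan add 10
interface range GigabitEthernet1/0/1-23
 switchport mode access
 switchport access vlan 10
interface vlan 10
 ip address 192.168.1.150 255.255.255.0
ip default-gateway 192.168.1.1
```

Hosts on the access ports would use 192.168.1.1 as their default gateway; no bridging (BVI/BDI) is involved because the ASA link and the user VLAN are separate routed subnets.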


2 Replies


There is a possibility of opening up another site and linking them together, but as of now they are focused on one site, which is why I was thinking bridging. Maybe I am confusing it with something else; it has been a while since I have had to use some of these commands.

 

Thanks for the help,
