07-16-2020 01:29 PM
I have an ASA at the edge that connects to an internal layer 3 switch. The switch also connects to a router. The switch, where SVIs are configured, acts as the core switch, and is the gateway for guest and other internal VLANs. Guest VLAN needs to be segregated from other VLANs and only gets internet access, and they do so through a VRF between the switch and ASA. Now, there is a requirement for these guest devices to communicate with a vendor over a GRE tunnel while still maintaining the segregation on the LAN. GRE is not supported on this switch, but is supported on the router. How can this GRE be configured?
07-16-2020 08:08 PM
07-16-2020 11:00 PM
Thanks for the reply. What you describe makes sense but appears to require a physical connection between the router and the ASA. However, the router is not directly connected to the ASA in my environment. Router is connected to the switch physically as shown below.
Router interface used to connect to switch:
interface GigabitEthernet0/0
 ip address 10.12.251.10 255.255.255.252
Switch interface used to connect to router:
interface GigabitEthernet2/0
 no switchport
 ip address 10.12.251.9 255.255.255.252
The switch has the existing guest VRF configured as shown below, and it works today by allowing guest devices internet access through the ASA while keeping the guest VLAN completely isolated from the rest of the VLANs.
ip vrf guest
interface Vlan370
 description guest for devices
 ip vrf forwarding guest
 ip dhcp relay information trusted
 ip address 172.18.72.1 255.255.255.0
 ip access-group GUEST in
end
interface Vlan379
 description Guest to ASA5505
 ip vrf forwarding guest
 ip address 172.18.73.2 255.255.255.252
end
ASA is configured to send return traffic from the internet back to the switch:
route guest 172.18.72.0 255.255.255.0 172.18.73.2
Can you elaborate if your suggestion still applies?
07-18-2020 07:20 PM