09-15-2015 03:23 AM - edited 03-05-2019 02:18 AM
Hi everyone,
I have few questions. I am redesigning our network for a number of reasons, but it is a bit difficult and I need some help :)
Right now out ASA is doing both firewalling and intervlan routing:
Present design: INTERNET ------ ISP modem ------ L2_core_switch ------ Cisco ASA
|
|
L2 access switch
Cisco ASA does NAT, Intervlanrouting... etc.
ISPmodem to L2_core_switch is access vlan 10
L2_core_switch to Cisco ASA is access vlan 10
ASA conf:
interface Vlan10
nameif Outside
security-level 0
ip address 212.186.555.122 255.255.255.252 (fake public ip address)
interface Ethernet0/0
description to L2_core_switch Fa0/2
switchport access vlan 10
switchport trunk allowed vlan 10 (I believe is an access vlan, maching the switch configuration)
interface Vlan20
nameif Lan1
security-level 50
ip address 10.1.20.254 255.255.255.0
interface Vlan50
nameif WLAN
security-level 50
ip address 10.1.50.254 255.255.255.0
PHASE 1 design: INTERNET ------ ISP modem ------ Cisco ASA ------L2_core_switch
|
|
L2 access switch
To begin I just want to move the ASA to be in front of the ISP modem without a L2 switch in between.
As far as I am concern, I would need to:
Future design to be addressed later on: INTERNET ------ ISP modem ------ Cisco ASA ------ L3 switch
|
|
L2 access switch
There will come more phases ASAP, but this is a good start :D:D:D
thanks a lot,
09-15-2015 05:33 AM
I do not agree when you say "I think that Vlan10 and et0/0 configuration on the ASA should remain untoched ". In your current environment your Eth0/0 is a trunk carrying a couple of VLANs. If you change the environment and the ASA Eth0/0 is now connected to the ISP modem then Eth0/0 needs to be configured as a simple access port and not as a trunk. The interface of the ASA that connects to the layer 2 switch (which you have not identified for us) would need to be configured as a trunk.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide