cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

189
Views
0
Helpful
1
Replies
Highlighted
Beginner

Network redesign: ASA outside interface redesign and more... PHASE1

Hi everyone,

 

I have few questions. I am redesigning our network for a number of reasons, but it is a bit difficult and I need some help :)

 

 

 

Right now out ASA is doing both firewalling and intervlan routing:

Present design: INTERNET ------ ISP modem ------ L2_core_switch ------ Cisco ASA

                                                                                                     |

                                                                                                     |

                                                                                   L2 access switch

Cisco ASA does NAT, Intervlanrouting... etc.

ISPmodem to L2_core_switch is access vlan 10

L2_core_switch to Cisco ASA is access vlan 10

ASA conf:

interface Vlan10
 nameif Outside
 security-level 0
 ip address 212.186.555.122 255.255.255.252 (fake public ip address)

interface Ethernet0/0
 description to L2_core_switch Fa0/2
 switchport access vlan 10
 switchport trunk allowed vlan 10 (I believe is an access vlan, maching the switch configuration)

interface Vlan20
 nameif Lan1
 security-level 50
 ip address 10.1.20.254 255.255.255.0

interface Vlan50
nameif WLAN
 security-level 50
 ip address 10.1.50.254 255.255.255.0

 

 
 
 

PHASE 1 design: INTERNET ------ ISP modem ------ Cisco ASA ------L2_core_switch

                                                                                                                               |

                                                                                                                               |

                                                                                                                  L2 access switch

To begin I just want to move the ASA to be in front of the ISP modem without a L2 switch in between.

As far as I am concern, I would need to:

  • change the cable coming from the ISP modem to the Cisco ASA 0/0
  • I think that Vlan10 and et0/0 configuration on the ASA should remain untoched
  • I think that Vlan10 and et0/0 configuration on the Switch Fa0/2 should aldo remain untoched
  • SUMMARY: If I change the order of the devices, as I am always using ACCESS VLAN 10, it should just work

 

 

Future design to be addressed later on: INTERNET ------ ISP modem ------ Cisco ASA ------ L3 switch

                                                                                                                                                              |

                                                                                                                                                              |

                                                                                                                                               L2 access switch

 

There will come more phases ASAP, but this is a good start :D:D:D

thanks a lot,

Everyone's tags (4)
1 REPLY 1
Hall of Fame Master

I do not agree when you say

I do not agree when you say "I think that Vlan10 and et0/0 configuration on the ASA should remain untoched ". In your current environment your Eth0/0 is a trunk carrying a couple of VLANs. If you change the environment and the ASA Eth0/0 is now connected to the ISP modem then Eth0/0 needs to be configured as a simple access port and not as a trunk. The interface of the ASA that connects to the layer 2 switch (which you have not identified for us) would need to be configured as a trunk.

 

HTH

 

Rick

 

 

If you found this post helpful, please let the community know by clicking the helpful button!
By doing so, and until end of January, you are helping Doctors Without Borders
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here