Hi everyone,
I have few questions. I am redesigning our network for a number of reasons, but it is a bit difficult and I need some help :)
Right now out ASA is doing both firewalling and intervlan routing:
Present design: INTERNET ------ ISP modem ------ L2_core_switch ------ Cisco ASA
|
|
L2 access switch
Cisco ASA does NAT, Intervlanrouting... etc.
ISPmodem to L2_core_switch is access vlan 10
L2_core_switch to Cisco ASA is access vlan 10
ASA conf:
interface Vlan10
nameif Outside
security-level 0
ip address 212.186.555.122 255.255.255.252 (fake public ip address)
interface Ethernet0/0
description to L2_core_switch Fa0/2
switchport access vlan 10
switchport trunk allowed vlan 10 (I believe is an access vlan, maching the switch configuration)
interface Vlan20
nameif Lan1
security-level 50
ip address 10.1.20.254 255.255.255.0
interface Vlan50
nameif WLAN
security-level 50
ip address 10.1.50.254 255.255.255.0
PHASE 1 design: INTERNET ------ ISP modem ------ Cisco ASA ------L2_core_switch
|
|
L2 access switch
To begin I just want to move the ASA to be in front of the ISP modem without a L2 switch in between.
As far as I am concern, I would need to:
- change the cable coming from the ISP modem to the Cisco ASA 0/0
- I think that Vlan10 and et0/0 configuration on the ASA should remain untoched
- I think that Vlan10 and et0/0 configuration on the Switch Fa0/2 should aldo remain untoched
- SUMMARY: If I change the order of the devices, as I am always using ACCESS VLAN 10, it should just work
Future design to be addressed later on: INTERNET ------ ISP modem ------ Cisco ASA ------ L3 switch
|
|
L2 access switch
There will come more phases ASAP, but this is a good start :D:D:D
thanks a lot,
