03-23-2015 02:18 PM - edited 03-07-2019 11:13 PM
So, I'm doing inventory/auditing some networks and I've noticed something that i think is configured incorrectly. All these networks have a pretty simple hardware setup. An ASA 5505 connects to a 3750 with an ipservices license. The 3750 is then connected to five - ten 2960s. The 2960s on a couple of these networks are using the ASA as the default gateway. To me, it seems that the 3750 is setup as the core switch and should be doing all the routing. There is an ipsec l2l vpn on the ASA but, I don't see any reason that the ASA should be doing all the routing. Can anyone confirm/deny this?
Thanks!
03-23-2015 02:31 PM
Jessica
Difficult to say as it's not our network :-)
If the 3750 is doing all the routing between vlans and if you also have a management vlan for the switches on the 3750 then I would have thought the default gateways of all 2960s should be pointing to the 3750 and not the ASA.
Usually in the setup you have described you would have a default route on the 3750 pointing to the ASA and then routes on the ASA for the inside subnets routed on the 3750.
Even if access was needed from the ASA to the 2960s I would expect it go via the 3750 to be honest.
There may be reasons why it has been done that way but from your brief description it is not what I would expect to see.
Jon
03-23-2015 02:33 PM
eh, it's recently my network by default... LOL. And I agree. It's not what I expected to see. I thought I was losing my mind though. I'm still trying to see if I can find a reason my predecessor 6 times removed set it up this way. Thanks for the fast reply.
03-23-2015 02:37 PM
There may well be no real reason but it's always safe to assume there might be until you are sure there isn't.
What I would say though is that if you have a management vlan for the switches they should probably use that and not be in the same vlan/IP subnet as the ASA.
If access is needed to those switches via the VPN for example it can still get there, just via the 3750s instead of direct.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide