Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
1
Replies

Configuring L3 switch as default GW behind ASA Firewall

Go to solution
Dunner1991
Level 1
Level 1

‎03-11-2020 08:32 AM

Hi All,

 

I am in the middle of moving my Default GW for office users from my ASA down to cisco (L3) switch.

 

I need this traffic to hit the Default GW and then need to set a default route back to the firewall

 

I wanted to create an SVI on the switch for the GW IP

 

The issue i have is that on the same switch there is already an SVI configured on vlan 1 in the same range as the Default GW so I don't know if what I amtrying to do is possible

 

I am unsure what other options there to help implement this solution

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrisjoyce1980
Level 1
Level 1

‎03-11-2020 08:48 AM - edited ‎03-11-2020 08:55 AM

Myself, I would create a new transit network/vlan between the ASA and the L3 Switch.  I would use this network to route/forward traffic requests.

 

Configure the L3 Switches default gateway as the ASA. (i.e. ip route 0.0.0.0 0.0.0.0 172.16.0.1)

For the ASA, configure routes for the internal network on the L3 Switch (i.e. route inside 10.0.0.0 255.0.0.0 172.16.0.3)

Or you could use OSPF or EIGRP for Dynamic Routing, rather than configuring static routes.

 

For Example: ASA

!

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.248 standby 172.16.0.2

!

route inside 10.0.0.0 255.0.0.0 172.16.0.3 <route back to your internal network/subnet(s)>

!

 

For Example: SW

!

VLAN: 999

NAME TRANSIT-NETWORK

!

interface Vlan999
description Routed WIFI-AP VLAN 10.232.72.0/22
ip address 172.16.0.3 255.255.255.248
no ip redirects
no ip proxy-arp

no ip unreachable

!

ip route 0.0.0.0 0.0.0.0 172.16.0.1 <route to anything that isn't local to the L3 switch>

!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
chrisjoyce1980
Level 1
Level 1

‎03-11-2020 08:48 AM - edited ‎03-11-2020 08:55 AM

Myself, I would create a new transit network/vlan between the ASA and the L3 Switch.  I would use this network to route/forward traffic requests.

 

Configure the L3 Switches default gateway as the ASA. (i.e. ip route 0.0.0.0 0.0.0.0 172.16.0.1)

For the ASA, configure routes for the internal network on the L3 Switch (i.e. route inside 10.0.0.0 255.0.0.0 172.16.0.3)

Or you could use OSPF or EIGRP for Dynamic Routing, rather than configuring static routes.

 

For Example: ASA

!

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.248 standby 172.16.0.2

!

route inside 10.0.0.0 255.0.0.0 172.16.0.3 <route back to your internal network/subnet(s)>

!

 

For Example: SW

!

VLAN: 999

NAME TRANSIT-NETWORK

!

interface Vlan999
description Routed WIFI-AP VLAN 10.232.72.0/22
ip address 172.16.0.3 255.255.255.248
no ip redirects
no ip proxy-arp

no ip unreachable

!

ip route 0.0.0.0 0.0.0.0 172.16.0.1 <route to anything that isn't local to the L3 switch>

!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card