Forcing certain vlan traffic to go via asa firewall

kingging
Level 1

Hi all,

Not sure if this is possible, but I would like to achieve the following with my stack of Catalyst 3750s and an ASA 5520:

    vlan 1-5        vlan 6-10
            \      /
              asa
            /      \
    vlan 11-15      vlan 16-20

I want the switches to be the default gateway for each VLAN, and routing should happen on the switch for the 5 VLANs it should know about; beyond that it should go to the firewall to get to the other VLANs.

So traffic, let's say, from VLAN 1 to VLAN 5 does not go via the ASA, but from VLAN 1 to VLAN 10 does.

Is this possible at all, and what should I look at to get this working?

Thanks in advance for any suggestions.

4 Replies

lgijssel
Level 9

Using IP routes in the default way implies that traffic from any source will be routed in the same way. Apparently, you do not want this. The solution is to use policy routing and filter on the source addresses by means of an ACL:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml

As an alternative, you may also use input access-lists to deny traffic to/from certain IP ranges.

Regards,

Leo
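A concrete form of Leo's policy-routing suggestion for the first VLAN group, added here as an example (it is not configuration posted in the thread). Assumed addressing: VLAN N is 10.0.N.0/24 with the switch SVI at .1, and group 1-5 reaches the ASA over a transit VLAN 101 (switch 10.0.101.2, ASA 10.0.101.1); it also assumes a 3750 image that supports PBR. The same ACL/route-map pair is repeated for each group with that group's subnets and its own transit next-hop.

```cisco
! Added example, not from the thread. Addressing below is assumed.
! 3750: PBR requires the "routing" SDM template (takes effect after reload).
sdm prefer routing
ip routing

! In a PBR ACL, "deny" means "route normally", "permit" means "policy-route".
! Destinations inside group A (VLANs 1-5) stay on the switch;
! everything else leaving these VLANs is handed to the ASA.
ip access-list extended TO-ASA-GROUP-A
 remark --- intra-group destinations: routed locally by the switch
 deny   ip any 10.0.1.0 0.0.0.255
 deny   ip any 10.0.2.0 0.0.0.255
 deny   ip any 10.0.3.0 0.0.0.255
 deny   ip any 10.0.4.0 0.0.0.255
 deny   ip any 10.0.5.0 0.0.0.255
 remark --- other groups (and anything else): forced through the ASA
 permit ip any any

route-map PBR-GROUP-A permit 10
 match ip address TO-ASA-GROUP-A
 set ip next-hop 10.0.101.1

! Transit SVI towards the ASA interface serving group A.
interface Vlan101
 description transit to ASA (group A)
 ip address 10.0.101.2 255.255.255.0

! Apply the policy on every SVI of the group (Vlan2-4 configured the same way).
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
 ip policy route-map PBR-GROUP-A
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
 ip policy route-map PBR-GROUP-A

! The ASA needs a route back to each group's subnets via that group's
! transit SVI, e.g. on the ASA: route <groupA-if> 10.0.1.0 255.255.255.0 10.0.101.2
```

Applying the route-map on every SVI of every group is what keeps both directions of a cross-group flow on the ASA; if only one side is policy-routed, the reply is routed directly by the switch and the ASA, seeing only half the connection, drops it.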

Hi Leo,

I think that route-maps might be the solution.

I just need to format my test bit of the live network to test.

I did some testing and it did not work, but that might be because of the previous test.

mahmoodmkl
Level 7

Hi

For your switch to be the default gateway for your VLANs it should be a multilayer switch. If it is, then you can create SVIs on the switch and it will work.

What I suggest is that you create a VLAN for the ASA and configure the ASA in that VLAN. And you need to create an SVI for the ASA VLAN also.

And on your switch which is doing inter-VLAN routing, define a default route pointing to the ASA.

Try this if you can.

Thanks

Mahmood

Hi Mahmoodmkl,

The problem is that the inter-VLAN routing lets VLAN 1 talk to VLAN 10 without going through the firewall, even if you stick a default route in.

So I am hoping that route-maps will be the solution I am looking for.

*fingers crossed*

thanks

alex