Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3505
Views
0
Helpful
2
Replies

How to Configure Multiple VLANs on a Firewall with a L3 Switch

Go to solution
Tom101
Level 1
Level 1

‎03-31-2022 02:51 PM

Hi, 

 

I have been struggling to configure a 5505 firewall with a on L3 3560 switch for a couple of days.  

 

To make things easier, i have provided an attached screenshot with a packet tracer file. 

 

The network design consists of an inside network with 3 VLANs. The inside network has a L3 switch that is connect to 3 separate PCs, all on different VLANs. This switch has been setup with interVLAN routing. 

 

The switch is connected to a firewall with a trunk port, that is connected to an outside network. The firewall has three separate objects for each VLAN.

 

Below is the firewall configuration. 

 

interface Vlan1
    nameif inside
    security-level 100
    no ip address
!
interface Vlan2
    nameif outside
    security-level 0
    ip address 10.10.10.1 255.255.255.0
!
object network vlan-10
     subnet 192.168.10.0 255.255.255.0
     nat (inside,outside) dynamic interface
object network vlan-20
     subnet 192.168.20.0 255.255.255.0
     nat (inside,outside) dynamic interface
object network vlan-30
    subnet 192.168.30.0 255.255.255.0
    nat (inside,outside) dynamic interface
!
class-map inspection-default
 match default-inspection-traffic
!
policy-map global-policy
 class inspection-default
  inspect icmp 
!
service-policy global-policy global

Is anybody able to take a quick look at my network and let me know what i'm doing wrong? or kindly explain the steps i should be taking to configure this firewall so that the inside network can ping the outside network. 

 

Preview file
189 KB
Configuring Firewall Example.pkt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎03-31-2022 03:18 PM - edited ‎03-31-2022 03:20 PM

Take a look.

I had to change some things.

 

First create a L3 segment between switch L3 and firewall.

Added route on the firewall to inside pointing to 192.168.0.0 as well as to outside pointing to 20.20.20.0

Corrected the default gateway of the PC.

add one more ip address on firewall to talk with l3 switch.

change de default route on switch l3

That´s it. Pinging now.

View solution in original post

Configuring Firewall Example.zip
0 Helpful
2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎03-31-2022 03:18 PM - edited ‎03-31-2022 03:20 PM

Take a look.

I had to change some things.

 

First create a L3 segment between switch L3 and firewall.

Added route on the firewall to inside pointing to 192.168.0.0 as well as to outside pointing to 20.20.20.0

Corrected the default gateway of the PC.

add one more ip address on firewall to talk with l3 switch.

change de default route on switch l3

That´s it. Pinging now.

Configuring Firewall Example.zip
0 Helpful

Go to solution
Tom101
Level 1
Level 1
In response to Flavio Miranda

‎03-31-2022 03:52 PM

Fabulous! I will be studying this for the next couple of hours. Thank you. 

0 Helpful
Customers Also Viewed These Support Documents