Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
576
Views
0
Helpful
7
Replies

Intervlan Routing using ASA-5505 connected to Cisco Catalyst 3650

sharjeelkhan2
Level 1
Level 1

‎11-11-2017 10:31 AM - edited ‎03-08-2019 12:42 PM

Hi All, 

 

Hope you all are doing well. We are running the network in the below structure.

 

Internet>>Cisco ASA-5505 (Routed)>>Cisco Catalyst (Wireless Mobility)>>AP(LWAPP)>>Users.

 

We are currently running on one VLAN and having DHCP that is now 80% utilized. 

 

HELP Needed for Below Query:

I need to make a intervlan routing by using ASA-5505 so i can have new DHCP so users can connect to that one also. I am unable to do so. I have create a new VLAN100 in L3 Switch and run ip-routing command. When i goto ASA i am unable to make sub-interface. Can you please guide me how can i do it possible. As it is so much urgent requirement. Please guys help me!!!!!

 

Labels:
0 Helpful
7 Replies 7

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-11-2017 12:45 PM

Hi,

Use the switch as layer-2 only and have trunk connection from the switch to the firewall. Do all the routing for both vlans on the firewall with IP and DHCP.  Here is an example of using sub-interfaces on the firewall with vlan 100 and vlan 10. Use your own IP segment as this is just for example:

HTH

 

interface Ethernet0/1.100
 description Inside LAN interface
 nameif inside
 security-level 100
 ip address 10.10.100.1 255.255.255.0 
!
interface Ethernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0

 

0 Helpful

sharjeelkhan2
Level 1
Level 1
In response to Reza Sharifi

‎11-11-2017 01:05 PM

Hi, 

 

Thank you for the response. Actually ASA-5505 doesnot support router on stick configurations. Whenever, i write ethernet0/1.19 it give an error unrecognized command. As ASA-5505 has all switch ports. 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to sharjeelkhan2

‎11-11-2017 04:46 PM

Hi,

Ok, thank you for that information. In that case you can create 2 SVIs on your switch for vlan 10 and 100 and also use a 3rd layer-3 access vlan for connectivity between the switch and the firewall. Then on the switch all you need is a default route pointing to the ip address on the firewall.

HTH

0 Helpful

sharjeelkhan2
Level 1
Level 1
In response to Reza Sharifi

‎11-11-2017 07:23 PM

Hi Reza,

 

Noted!!! Can you please share me the config example so i can do it. As i am unable to do so . 

 

0 Helpful

Karsten Iwen
VIP
VIP

‎11-12-2017 07:46 AM

One more addition:

If you want to use the ASA "on a stick", you have to configure additional VLANs and use a switch port in trunk-mode. You could also assign a VLAN to a spare switchport and connect the ASA with multiple links to your switch.

But keep in mind that the ASA only has FastEthernet interfaces and is quite limited in throughput.

I would only configure the VLANs on the ASA that need to be restricted like guest-VLANs and configure all other VLANs on the switch.

0 Helpful

sharjeelkhan2
Level 1
Level 1
In response to Karsten Iwen

‎11-12-2017 08:50 AM

Hi, 

 

I have done it another way. I have created an another VLAN and connect one switchport with Firewall Switchport and assgin same VLAN that need to be run on SSID. And it is working. I will test it and will let you know. Thanks you Guys!!!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card