Isolating switch ports for a separate network, VLAN?

davcommunay
Level 1

Dear all,

I have to configure failover Active/Standby on my ASA 5510.

I am wondering how I could do this for the outside interface; I mean, actually the ASA1--outside interface is linked directly to our Internet router.

So now if I have to add ASA2 connecting to that router, I will need a switch between them.

I already have a switch for DMZ & LAN.

The thing is that I will have to allow 3 switch ports to communicate with each other.

- 1 for ASA1--outside

- 1 for ASA2--outside

- 1 for Internet router

How could I isolate these 3 ports to make them communicate alone? Should I use a VLAN for that?

And if I use a VLAN, will this require any change of configuration on my firewalls' (ASA1 & ASA2) outside interface?

I am a bit lost with this; if I am correct, I will not have to do any "vlan tagging" on the firewall itself?

Thank you for your answer.

Regards,

David

1 Reply

glen.grant
VIP Alumni

Just create an L2 VLAN on a switch, assign 3 ports into that VLAN and plug them in. No L3 config needed on the switch. This will be a common VLAN for all 3 connections, so no changes should be needed and they all should be able to talk to each other.
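A sketch of the switch-side configuration the reply describes, added here as an example and not taken from either poster. It assumes a Cisco IOS access switch; the VLAN ID 900, the VLAN name and the port numbers Fa0/22-24 are constructed placeholders. Because all three ports are access ports, frames leave the switch untagged, so the ASA outside interfaces and the router need no VLAN configuration.

```cisco
! Constructed example: VLAN ID, name and port numbers are assumptions.
! Dedicated L2-only VLAN for the outside segment.
vlan 900
 name OUTSIDE
!
! Port facing ASA1 outside (untagged access port).
interface FastEthernet0/22
 description ASA1 outside
 switchport mode access
 switchport access vlan 900
!
! Port facing ASA2 outside (untagged access port).
interface FastEthernet0/23
 description ASA2 outside
 switchport mode access
 switchport access vlan 900
!
! Port facing the Internet router (untagged access port).
interface FastEthernet0/24
 description Internet router
 switchport mode access
 switchport access vlan 900
!
! No "interface Vlan900" is defined, so the switch has no IP address
! in this VLAN and does not route between it and the DMZ/LAN VLANs.
!
! Checks from privileged EXEC mode:
!   show vlan id 900
!   show interfaces FastEthernet0/22 switchport
```

The isolation holds only while VLAN 900 contains just these three ports and is not allowed on any trunk where it is not needed.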
