Solved: Routing between Vlans - Page 3

WezMorris40 · ‎02-15-2011

We run a small company network where everything runs on the native VLan but recently a second internet line and server was installed on a second VLan.

Attached is a pic of the network setup and our current config.

Currently the orange Vlan (VLan 30) has zero communication with the rest of the network. What steps would I need to take so that we could remote desktop to that server?

I can't see a way of getting the Inside and BT_DMZ interfaces to talk to each other.

Our end game is to eventually get the DMZ using the BT managed router and ditch the PIX entirely.

I'm fairly rookie when it comes to networking, most of what I've done is through the ASDM gui and even then most was guesswork.

Any help you could provide is much appreciated

martin_knorre · ‎02-17-2011

Hey,

your design looks good so far, but a question is, what is that Isolated Server in the 192.168.x.x Net? I thought that this is used for asa mgmt?

I would configure as follows, because you can dump the VLAN 1 (security reason)

and you have another interface on the ASA for a DMZ or something else.

Regards Martin

WezMorris40 · ‎02-17-2011

Pretty sure it's isolated as we don't actually have control over it and it was haphazardly wedged into a secure section of network. Was there before I got here unfortunately, but I see no reason why it can't exist on the DMZ.

I'm going to try first without the re-jigging sub interfaces, I dont think I have enough time or knowledge to fix it if it goes wrong.

Thank everyone for your help on this, its been really appreciated. I'll give a shot at changing the layout a bit and hopefully wont be back anytime soon =D

Edit: Not actually sure who or where to mark as the correct answer. Both of you were very helpful