Cisco Question
I am new to cisco and am running into a little bit of trouble configuring. We purchased a couple Cisco ASA 5510 (Active/Standby) and a bunch of 3750 we are going to use in a stack.
Cisco ASA ----- DMZ
|
3750 stack
Our office will consist of 3 vlans. Internal, Intranet and Wireless.
I have no problem configuring the 3 vlans. I configure IP Routing and can ping each of the IP Addresses but I can not figure out how to get the 3 vlans to get an internet connection.
I would like the 3 vlans to be able to route at the switch level rather than having to go to a seprate router to route between the vlans. From what I can tell is I can then configure ACL's to allow what traffic I want between the vlans.
Would I create another VLAN that connects to the ASA that would provide the internet. The 3 Vlans would route through it to get internet?
I am a little confused on how to properly have this setup. If someone could point me in the right network design I'm sure I can figure this out.
THanks in advance.
Cisco ASA ----- DMZ
|
3750 stack
Our office will consist of 3 vlans. Internal, Intranet and Wireless.
I have no problem configuring the 3 vlans. I configure IP Routing and can ping each of the IP Addresses but I can not figure out how to get the 3 vlans to get an internet connection.
I would like the 3 vlans to be able to route at the switch level rather than having to go to a seprate router to route between the vlans. From what I can tell is I can then configure ACL's to allow what traffic I want between the vlans.
Would I create another VLAN that connects to the ASA that would provide the internet. The 3 Vlans would route through it to get internet?
I am a little confused on how to properly have this setup. If someone could point me in the right network design I'm sure I can figure this out.
THanks in advance.
Last Comment
ASKER
Thanks for the quick reply.
I originally created a vlan2 (for internal) and a vlan3 (intranet) and I configured the VLAN1 (default) as my vlan that access's my internet.
From the default vlan I could get internet no problem and I could ping its default gateway.
From the internal vlan2 I could ping the vlan1 ip address but could not pint the default gateway IP.
Ex.
Cisco ASA
10.179.2.1
|
|
Cisco 3750
Vlan1 - 10.179.2.2
Vlan2 - 10.179.3.1
From a pc connected to vlan2 i can ping 10.179.3.1 and I can pig 10.179.2.2. However I could not pig 10.179.2.1 which is the default route IP so internet wont work.
Is there something i have to do to get this to work.
Originally I was going to configure the setup like
ASA - Subinterface - VLAN2 (Internal)
Subinterface - VLAN3 (Intranet)
- Interface for External
- Interface for DMZ
I was going to create a trunk port on my 3750 to carry the vlan info to my cisco ASA. With this setup I could get internet fine on the VLANS but the issue I was having was I could not get traffic to route between the vlans. If i did this setup I assume the cisco ASA would do all the routing and not the 3750's and therefore I would not enable IP Routing?
I originally created a vlan2 (for internal) and a vlan3 (intranet) and I configured the VLAN1 (default) as my vlan that access's my internet.
From the default vlan I could get internet no problem and I could ping its default gateway.
From the internal vlan2 I could ping the vlan1 ip address but could not pint the default gateway IP.
Ex.
Cisco ASA
10.179.2.1
|
|
Cisco 3750
Vlan1 - 10.179.2.2
Vlan2 - 10.179.3.1
From a pc connected to vlan2 i can ping 10.179.3.1 and I can pig 10.179.2.2. However I could not pig 10.179.2.1 which is the default route IP so internet wont work.
Is there something i have to do to get this to work.
Originally I was going to configure the setup like
ASA - Subinterface - VLAN2 (Internal)
Subinterface - VLAN3 (Intranet)
- Interface for External
- Interface for DMZ
I was going to create a trunk port on my 3750 to carry the vlan info to my cisco ASA. With this setup I could get internet fine on the VLANS but the issue I was having was I could not get traffic to route between the vlans. If i did this setup I assume the cisco ASA would do all the routing and not the 3750's and therefore I would not enable IP Routing?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you, thank you, thank you.
That was my problem. Once i added the static route back internet and the ping started working.
You dont know how long I have been trying to get this to work and that route was the problem the whole time. I figured since it found its way there it would be smart enough to find its way back. lol.
You can have my points. :)
That was my problem. Once i added the static route back internet and the ping started working.
You dont know how long I have been trying to get this to work and that route was the problem the whole time. I figured since it found its way there it would be smart enough to find its way back. lol.
You can have my points. :)
Glad to have helped you out :-)
thx for the points ;-)
Kurt
thx for the points ;-)
Kurt
ASKER
Do you know if its best practice to be using the default vlan 1 for the internet connection or is this typically not used?
Actually VLAN1 should never be used at all (so typically it's not used at all). Best practice is to use another VLAN.
Many companies still use VLAN1 as their management VLAN, but Cisco recommends not to do so, as this VLAN is the most insecure one (all ports for on a switch for example are by default in VLAN1, which makes VLAN1 an easy target for hackers.)
Many companies still use VLAN1 as their management VLAN, but Cisco recommends not to do so, as this VLAN is the most insecure one (all ports for on a switch for example are by default in VLAN1, which makes VLAN1 an easy target for hackers.)
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
If you need more info, just let me know
Kurt