Solved

Router on a Stick - Cisco ASA 5510 Security Plus with VLAN Trunk

Posted on 2009-04-14
5
1,859 Views
Last Modified: 2012-05-06
Curious on some resources and direction on setting up a Cisco ASA5510 to route and provide firewall protection for a trunk of 12 VLAN's. We will have 11 remote offices and small branches connected to the corporate office via direct fiber and line-of-site wireless, and all will be dropped into the corporate office on (1) physical trunk. I would like to plug this in directly to the ASA5510, versus using L3 switches, and would like some resources on setting the routing up correctly.

Thanks!
0
Comment
Question by:Tercestisi
  • 3
  • 2
5 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
Comment Utility
Trunk to the ASA and create a subinterface for each VLAN.  Routing will be local between subinterfaces unless each remote office will have a router.  If so, you'll need to add routes to the subnets beyond the remote office router on the ASA.  The remote office clients (if directly connected) will use the appropriate subinterface IP address as their default gateway or if using a router, put a default route on the router pointing to the ASA subinterface.  You'll probably want to set each subinterface to the same security level and enable "same-security-traffic permit inter-interface" so all VLAN's can communicate.  You can restrict access if desired using access-lists on the subinterfaces.  Setup outbound NAT for the remote networks when destined to the Internet and that should be it.
0
 

Author Comment

by:Tercestisi
Comment Utility
Great, you confirmed what I was thinking other than the same security levels. Many of the VLAN's should not talk to eachother, save for a specific IP address on only (1) other VLAN. Is it best to still keep the security levels the same or to configure them to be different in this scenario?
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
I would keep them the same.  You can still use access-lists on every subinterface to control access between VLAN's but you don't have to worry about higher/lower security levels.  It simplifies the configuration.
0
 

Author Comment

by:Tercestisi
Comment Utility
Sounds good; thanks!
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
No problem, glad to assist.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now