Solved

Cisco ASA, HP Procurve 2910 VLANs

Posted on 2012-12-28
4
797 Views
Last Modified: 2012-12-31
I have a Cisco ASA 5510 as a firewall.  The main network switch is HP Procurve 2910.  I need to set up 4 Vlans.  Both the Cisco ASA and the Procurve 2910 have vlan/routing capabilities.  Which device is most appropriate setup the vlans on?  The attached image has a little more detail.
vlan-desc.JPG
0
Comment
Question by:jmichael18
4 Comments
 
LVL 17

Assisted Solution

by:jburgaard
jburgaard earned 167 total points
ID: 38728484
The Procurve 2910 is a L3-switch and capable of doing simple routing fast. The ASA as far as I remember only has 4 interfaces, but has more advanced rule-set.
So my 2 cent: Make the vlans and the vlan-routing on 2910 and the inside/outside/dmz routing on the ASA.
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 167 total points
ID: 38728508
I agree with jburgaard, but would add in that the guest vlan should go to the Asa for layer 3 routing/firewall. All other vlans should use the 2910 for routing.
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 166 total points
ID: 38729211
I would agree with rauenpc, use the L3 switch as the defult gateway for all internal networks, and DMZ or Guest networks should terminate on the ASA

The 5510 has 4 ports, if you have the sec-plus licence, ports 0 and 1 are gigabit, ports 2 and 3 are 10/100

As some QoS rules can only be applied to a physical interface, this might affect how you terminate the connections to the ASA.
0
 

Author Closing Comment

by:jmichael18
ID: 38732657
Thanks for the valuable input!
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now