Zulcap Zack
asked on
Cisco ASA connect with xconnect interface - L2TPv3
Hi.
Previously we have a Cisco 892FSP connected to our LAN switch (C2960) in which 892FSP router is configured with xconnect interface and connected directly to our LAN switch. We established L2TPv3 Tunnel with our site office between these two. Now we added a new firewall (ASA5506) between 892FSP and our LAN switch. Here are the things that I am not sure:
1. In ASA5506, how to configure the vlan for inside and outside interface? The firewall running in transparent mode but the vlan has no IP Address. What IP address should i configured for BVI interface?
2. 892FSP router interface that will be connected to ASA5506 is configured with xconnect, how do I integrate between these two as xconnect interface has no ip address configured.
Appreciate if you guys could give some ideas. Thank you
Previously we have a Cisco 892FSP connected to our LAN switch (C2960) in which 892FSP router is configured with xconnect interface and connected directly to our LAN switch. We established L2TPv3 Tunnel with our site office between these two. Now we added a new firewall (ASA5506) between 892FSP and our LAN switch. Here are the things that I am not sure:
1. In ASA5506, how to configure the vlan for inside and outside interface? The firewall running in transparent mode but the vlan has no IP Address. What IP address should i configured for BVI interface?
2. 892FSP router interface that will be connected to ASA5506 is configured with xconnect, how do I integrate between these two as xconnect interface has no ip address configured.
Appreciate if you guys could give some ideas. Thank you
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Q. Wouldn't the subnet just be the same for both sides? Meaning, the xconnect addresses are just for xconnect, and so the network looks like one subnet across the VPN--from one side to the other.
If this is the case, and you're running the ASA in transparent--not routed--mode, it would seem you'd assign an IP address from the existing subnet to the BVI interface. As I understand it though, a BVI IP is only required for managing the ASA (see question at supportforums.cisco.com/t5
You might also find www.cisco.com/c/en/us/td/d
Cheers!