Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
2
Replies

Help with network setup/VLAN

rodito
Level 1
Level 1

‎12-21-2016 12:04 AM - edited ‎03-08-2019 08:39 AM

Hi All,

Our new network is going to be like this after implementation.

Internet (Public IP /24) .1 <-> .2 ASA <-switch-Internal

   |----<-switch-DMZ

   |----<-switch-TechDepartment

ASA 5516-x

All switches are Catalyst 2960's

All of these switches are on their own interface ports on the ASA

Currently:

Internal - 10.1.1.1/24

DMZ - 172.16.1.1/24

TechDept - 172.21.0.1/24

My question is that we have the following other networks

- Wifi Network (10.1.2.1/24) and Management network (10.1.3.1/24) on the Internal network

- 172.21.1.1/24, 172.21.2.1/24, 192.168.11.1/24 on the TechDept network

- Would assigning VLAN within the respective switches be sufficient enough to do the routing?

- Should I do the routing on the switches for this networks?

--- Like set the switch IP to .1 and the ASA interface to .252 and then add route 0.0.0.0 0.0.0.0 ASA_IP 1 to the config for all the swiches?

say for switch-internal

vlan 1 - 10.1.1.1/24

vlan 10 - 10.1.2.1/24

vlan 20 - 10.1.3.1/24

For TechDept

vlan 30 - 172.21.0.1/24

vlan 40 - 172.21.1.1/24

vlan 50 - 172.21.2.1/24

vlan 60 - 192.168.11.1/24

How can I make sure I can ping or access these vlans from the other interface/switches/vlans?

Thanks

Jeff

Labels:
0 Helpful
2 Replies 2

PacketSpartan
Level 1
Level 1

‎12-21-2016 03:19 AM

Hi Jeff

Each of the subnets will need their own VLAN on the ASA and then set up policies between them to allow access based on your security needs. 

You can achieve it by having sub interfaces on the ASA for each of the vlan and trunk your switches to it. 

CCNA R&S
0 Helpful

rodito
Level 1
Level 1
In response to PacketSpartan

‎12-21-2016 09:38 AM

Thanks TTboy1988

So something like this:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/intrface.html#wp1044006

What if I just want it very simple without seperating the networks? Would just defining the network in the ASA and then having the default route/gateway to 172.21.0.1 for all networks inside TechDept works? They are trying to migrate it one vlan anyways.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card