We want to separate the three internal LANs using an ASA firewall (either ASA5500 or the new ASA5500-X models will work fine). The three internal LANs will be connected to the same switch and separated at Layer 2 with three VLANs on the switch. The ASA firewall will provide internet access to all internal LANs.

Also, we will use a single physical interface of the ASA to accommodate the three internal network security zones (“inside1”, “inside2”, “inside3”). The ASA will also act as DHCP server for each internal LAN, assigning the required IP addresses for each LAN subnet using a different DHCP scope for each one.

Thus, we need to configure sub-interfaces on a physical interface of the ASA which will be connected to a trunk port of the internal switch. Each sub-interface of the ASA will act as the default gateway for its corresponding internal LAN subnet.

Regarding the switch configuration, we need one Dot1Q trunk port connected to the ASA, and we also need to configure “access ports” belonging to the appropriate VLAN for the internal hosts.

[Network diagram of the topology]

Interface GE1 of the ASA (“outside” zone with IP address 100.1.1.1) will be connected to the ISP. Interface GE0 of the ASA will be connected to a trunk port of the switch (port E0/0). This physical interface of the ASA will be split into three sub-interfaces, with each one belonging to a different security zone and VLAN.
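
The setup described above, written out as ASA and switch configuration (an added example, not the original article's configuration). The VLAN IDs 10/20/30, the 192.168.x.0/24 subnets and DHCP ranges, the outside mask, the equal security levels, the `GigabitEthernet0`/`GigabitEthernet1` spelling of GE0/GE1 and the access port `Ethernet0/1` are assumptions; NAT and the default route are not shown.

```cisco
! ===== ASA (VLAN IDs, subnets, masks and security levels are assumed) =====
! Parent interface: no nameif, so untagged frames are not processed
interface GigabitEthernet0
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Equal security levels (assumed): traffic between the three zones is
! dropped unless "same-security-traffic permit inter-interface" is set
interface GigabitEthernet0.10
 vlan 10
 nameif inside1
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0.20
 vlan 20
 nameif inside2
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0.30
 vlan 30
 nameif inside3
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 100.1.1.1 255.255.255.0
 no shutdown
!
! One DHCP scope per zone; clients get the sub-interface IP as gateway
dhcpd address 192.168.10.50-192.168.10.150 inside1
dhcpd enable inside1
dhcpd address 192.168.20.50-192.168.20.150 inside2
dhcpd enable inside2
dhcpd address 192.168.30.50-192.168.30.150 inside3
dhcpd enable inside3
!
! ===== Switch: trunk to the ASA, limited to the three VLANs in use =====
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
! Host port in VLAN 10 (hypothetical port; repeat per host and VLAN)
interface Ethernet0/1
 switchport mode access
 switchport access vlan 10
```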