Securing 1 VLAN with Cisco ASA 5520?

How do I route (filter) from 1 vlan to another using my ASA5520?

Both vlans are reached via same internal interface.

Any help appreciated!

Nicolai

No one?!

Nicolai

You only allowed 23 hours, and the ASA 5500 series does not often get discussed here.

As the ASA 5500 and PIX 7.0 run the same underlying software, the answer is likely the same as what you would do on PIX 7.0:

Declare the two VLANs as logical interfaces off of the physical interface. Give the two logical interfaces different IP address ranges and different security levels. Create appropriate access lists and statics or nat to allow the flows that you want with the IPs that you want. Use 'access-group' to apply the access lists to the appropriate interfaces. You will not need explicit routing because the ASA software should automatically add routes for all "connected" interfaces.

If you want the flow between the two vlans to be wide open with no filtering at all, then I am not sure if that can be done or not. Possibly by declaring the two vlans to have the same security level and giving an appropriate 'sysopt' command. That facility appeared in PIX 7.0 software, which I have not had an opportunity to study.

Walter Roberson
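
The steps in the reply above, written out as an added configuration sketch that is not part of the original thread. It assumes pre-8.3 (7.x style) ASA syntax, that the switch port facing the ASA is an 802.1Q trunk carrying both VLANs, and uses made-up values throughout: interface GigabitEthernet0/1, VLAN IDs 10 and 20, the names `users` and `servers`, the 192.168.x.x addressing, and the permitted ports.

```cisco
! Physical interface carries only tagged traffic: no name, level or address,
! so untagged frames arriving on the trunk are not passed.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One logical interface per VLAN, each with its own subnet and security level.
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Identity static so the users subnet keeps its own addresses when seen from
! the servers side. Only required when 'nat-control' is enabled.
static (users,servers) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
!
! users -> servers: HTTPS only, log other attempts, leave remaining traffic alone.
access-list users_in extended permit tcp 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 eq https
access-list users_in extended deny ip any 192.168.20.0 255.255.255.0 log
access-list users_in extended permit ip any any
!
! servers -> users: syslog to one (assumed) log host, log and drop the rest.
! The implicit deny at the end also blocks every other flow from this VLAN.
access-list servers_in extended permit udp 192.168.20.0 255.255.255.0 host 192.168.10.5 eq syslog
access-list servers_in extended deny ip any any log
!
! Bind each list inbound on the interface where the traffic enters the ASA.
access-group users_in in interface users
access-group servers_in in interface servers
```

`show route` should list both subnets as connected with no static routes added, and `show access-list` hit counts confirm which entries the inter-VLAN traffic is matching.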

Noted :)

Everything noted - will try next week at work. Thanks a lot.

Nicolai
