Securing 1 VLAN with Cisco ASA 5520?

 
 
Nicolai
      03-01-2006
How do I route (filter) from 1 vlan to another using my ASA5520?

Both vlans are reached via same internal interface.

any help appreciated!

--

Med venlig hilsen / Best regards
Nicolai


 
Nicolai
      03-02-2006
> How do I route (filter) from 1 vlan to another using my ASA5520?
>
> Both vlans are reached via same internal interface.
>
> any help appreciated!


No one?!


 
Walter Roberson
      03-02-2006
In article <4406cba8$0$2104$(E-Mail Removed)>,
Nicolai <(E-Mail Removed)> wrote:
>> How do I route (filter) from 1 vlan to another using my ASA5520?


>> Both vlans are reached via same internal interface.


>> any help appreciated!


>No one?!


You only allowed 23 hours, and the ASA 5500 series does not often
get discussed here.

As the ASA 5500 and PIX 7.0 run the same underlying software,
the answer is likely the same as what you would do on PIX 7.0:

Declare the two VLANs as logical interfaces off of the physical
interface. Give the two logical interfaces different IP address ranges
and different security levels. Create appropriate access lists
and statics or nat to allow the flows that you want with the IPs that
you want. Use 'access-group' to apply the access lists to the
appropriate interfaces. You will not need explicit routing
because the ASA software should automatically add routes for
all "connected" interfaces.

If you want the flow between the two vlans to be wide open with no
filtering at all, then I am not sure if that can be done or not.
Possibly by declaring the two vlans to have the same security level
and giving an appropriate 'sysopt' command. That facility appeared in
PIX 7.0 software, which I have not had an opportunity to study.
 
Reply With Quote
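The steps in the reply above, written out as an added example configuration in ASA/PIX 7.x syntax; it is not part of the original thread. The physical interface GigabitEthernet0/1, VLAN IDs 10 and 20, the interface names `secure` and `general`, the ACL name and all addresses are constructed placeholders.

```cisco
! Physical trunk port: carries both VLANs, has no name or address itself
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Logical interface for the VLAN being protected (higher security level)
interface GigabitEthernet0/1.10
 vlan 10
 nameif secure
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Logical interface for the other VLAN (lower security level)
interface GigabitEthernet0/1.20
 vlan 20
 nameif general
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Needed only when 'nat-control' is enabled: identity static so hosts on
! 'secure' are reachable from 'general' under their real addresses
static (secure,general) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
!
! Traffic from the lower to the higher security level is dropped unless an
! access list permits it. Allow one flow (HTTPS to one server), block the
! rest of the protected VLAN, then permit everything else so that applying
! the ACL does not cut 'general' off from other interfaces (an applied ACL
! ends in an implicit deny).
access-list general_in extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.5 eq https
access-list general_in extended deny ip any 192.168.10.0 255.255.255.0
access-list general_in extended permit ip any any
!
! Bind the access list to traffic entering the 'general' interface
access-group general_in in interface general
!
! No 'route' statements are required for the two VLANs; check with:
!   show route         (both subnets appear as connected)
!   show access-list   (hit counters confirm which entries match)
```

The switch port facing GigabitEthernet0/1 has to be an 802.1Q trunk carrying both VLANs, and hosts in each VLAN use the matching subinterface address as their default gateway.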
 
Nicolai
      03-02-2006
>>> Both vlans are reached via same internal interface.
>
>>> any help appreciated!

>
>>No one?!

>
> You only allowed 23 hours, and the ASA 5500 series does not often
> get discussed here.


Noted


> As the ASA 5500 and PIX 7.0 run the same underlying software,
> the answer is likely the same as what you would do on PIX 7.0:
>
> Declare the two VLANs as logical interfaces off of the physical
> interface. Give the two logical interfaces different IP address ranges
> and different security levels. Create appropriate access lists
> and statics or nat to allow the flows that you want with the IPs that
> you want. Use 'access-group' to apply the access lists to the
> appropriate interfaces. You will not need explicit routing
> because the ASA software should automatically add routes for
> all "connected" interfaces.
>
> If you want the flow between the two vlans to be wide open with no
> filtering at all, then I am not sure if that can be done or not.
> Possibly by declaring the two vlans to have the same security level
> and giving an appropriate 'sysopt' command. That facility appeared in
> PIX 7.0 software, which I have not had an opportunity to study.


Everything noted - will try next week at work. Thanks a lot.


 