Securing 1 VLAN with Cisco ASA 5520?

Discussion in 'Cisco' started by Nicolai, Mar 1, 2006.

  1. Nicolai

    Nicolai Guest

    How do I route (filter) from 1 vlan to another using my ASA5520?

    Both vlans are reached via same internal interface.

    any help appreciated!

    --

    Med venlig hilsen / Best regards
    Nicolai
     
    Nicolai, Mar 1, 2006
    #1

  2. Nicolai

    Nicolai Guest

    > How do I route (filter) from 1 vlan to another using my ASA5520?
    >
    > Both vlans are reached via same internal interface.
    >
    > any help appreciated!


    No one?!
     
    Nicolai, Mar 2, 2006
    #2

  3. In article <4406cba8$0$2104$>,
    Nicolai <> wrote:
    >> How do I route (filter) from 1 vlan to another using my ASA5520?


    >> Both vlans are reached via same internal interface.


    >> any help appreciated!


    >No one?!


    You only allowed 23 hours, and the ASA 5500 series does not often
    get discussed here.

    As the ASA 5500 and PIX 7.0 run the same underlying software,
    the answer is likely the same as what you would do on PIX 7.0:

    Declare the two VLANs as logical interfaces off of the physical
    interface. Give the two logical interfaces different IP address ranges
    and different security levels. Create appropriate access lists
    and statics or nat to allow the flows that you want with the IPs that
    you want. Use 'access-group' to apply the access lists to the
    appropriate interfaces. You will not need explicit routing
    because the ASA software should automatically add routes for
    all "connected" interfaces.

    If you want the flow between the two vlans to be wide open with no
    filtering at all, then I am not sure if that can be done or not.
    Possibly by declaring the two vlans to have the same security level
    and giving an appropriate 'sysopt' command. That facility appeared in
    PIX 7.0 software, which I have not had an opportunity to study.
     
    Walter Roberson, Mar 2, 2006
    #3
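
The procedure described in post #3, written out as an added example (not part of the original thread and not any poster's own configuration). It assumes ASA/PIX 7.x syntax; the physical port, VLAN IDs 10 and 20, the interface names `users` and `servers`, the 192.168.x.x addresses, the host 192.168.10.5 and the ACL name `servers_in` are all made up for illustration.

```cisco
! Physical port carries the 802.1Q trunk; it gets no name, level or address itself.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One logical interface per VLAN, each with its own subnet and security level.
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! users (100) -> servers (50) is allowed by default and return traffic is
! handled statefully. servers -> users is lower-to-higher, so it needs an
! explicit permit. Allow only HTTPS to one host and log everything else.
access-list servers_in extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.5 eq 443
access-list servers_in extended deny ip any any log
!
! Once an ACL is bound inbound on an interface, ALL traffic entering that
! interface must match it, including traffic toward lower-security interfaces
! that was implicitly permitted before.
access-group servers_in in interface servers
!
! Only needed if 'nat-control' is enabled (for example on a configuration
! carried over from PIX 6.x): an identity static so the users subnet is
! reachable from the servers interface with its real addresses.
! static (users,servers) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
```

No `route` statements are needed for the two subnets because both are directly connected. `show access-list servers_in` shows per-entry hit counts, which is a quick way to confirm that the permit and the logging deny are matching the traffic you expect.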
  4. Nicolai

    Nicolai Guest

    >>> Both vlans are reached via same internal interface.
    >
    >>> any help appreciated!

    >
    >>No one?!

    >
    > You only allowed 23 hours, and the ASA 5500 series does not often
    > get discussed here.


    Noted :)


    > As the ASA 5500 and PIX 7.0 run the same underlying software,
    > the answer is likely the same as what you would do on PIX 7.0:
    >
    > Declare the two VLANs as logical interfaces off of the physical
    > interface. Give the two logical interfaces different IP address ranges
    > and different security levels. Create appropriate access lists
    > and statics or nat to allow the flows that you want with the IPs that
    > you want. Use 'access-group' to apply the access lists to the
    > appropriate interfaces. You will not need explicit routing
    > because the ASA software should automatically add routes for
    > all "connected" interfaces.
    >
    > If you want the flow between the two vlans to be wide open with no
    > filtering at all, then I am not sure if that can be done or not.
    > Possibly by declaring the two vlans to have the same security level
    > and giving an appropriate 'sysopt' command. That facility appeared in
    > PIX 7.0 software, which I have not had an opportunity to study.


    Everything noted - will try next week at work. Thanks a lot.
     
    Nicolai, Mar 2, 2006
    #4
