[c-nsp] ASA 5510 & dot1q subinterfaces

Adam Greene maillist at webjogger.net
Thu Jun 15 18:04:16 EDT 2006


Hi,

We're thinking of rolling out an ASA 5510 to a customer who hosts a couple
of racks of equipment in our datacenter. They currently have (3) subnets
serviced by a 2600 router, which connects into a 3750 in our core. The ASA
5510 would enable them to restrict administration traffic to their servers
to a VPN.

I'm thinking I should be able to remove the 2600 from the loop and configure
(3) dot1q subinterfaces on one of the ASA 5510's 10/100 ports, to service
the (3) customer subnets. I would need to apply some minor packet filtering
functionality (i.e. blocking NetBIOS over TCP) between the subnets, but
other than that, the three subnets could communicate freely between
themselves.

I'm assuming I shouldn't have any problems deploying the ASA 5510 in this
way, based on the datasheets and support documentation I've skimmed for the
ASA 5510. Does anyone see any flaws in my reasoning I should know about?

thanks for the help,
Adam
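
The layout described in the message above, written out as ASA configuration. This is an added example, not part of the original post. The port number, VLAN IDs, interface names, security level, addresses and ACL name are all constructed for illustration, and it assumes the unit's license permits three VLANs.

```cisco
! Constructed example: VLAN IDs, names and addresses are placeholders.
! Physical 10/100 port carries only the 802.1Q trunk, so it gets no nameif.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per customer subnet, all at the same security level.
interface Ethernet0/1.10
 vlan 10
 nameif cust-a
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/1.20
 vlan 20
 nameif cust-b
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
interface Ethernet0/1.30
 vlan 30
 nameif cust-c
 security-level 50
 ip address 10.10.30.1 255.255.255.0
!
! Interfaces with equal security levels cannot exchange traffic
! until this is enabled.
same-security-traffic permit inter-interface
!
! Block NetBIOS between the three subnets (TCP 139 session service,
! UDP 137-138 name and datagram services); permit everything else.
! 10.10.0.0/16 is a constructed supernet covering all three subnets.
access-list CUST-IN extended deny tcp any 10.10.0.0 255.255.0.0 eq 139
access-list CUST-IN extended deny udp any 10.10.0.0 255.255.0.0 range 137 138
access-list CUST-IN extended permit ip any any
!
! The same inbound ACL is applied to each customer subinterface.
access-group CUST-IN in interface cust-a
access-group CUST-IN in interface cust-b
access-group CUST-IN in interface cust-c
```

The final `permit ip any any` also governs traffic leaving these subnets toward any other interface, so tighten it if the customer subnets should not reach everything else behind the firewall.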

