[c-nsp] Transparent ASA 5510 on a dot1q Trunk
jcovini at free.fr
Tue Apr 8 05:11:19 EDT 2008
Hi Chris,
This is feasible if you use multiple contexts in transparent mode as described
here:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/examples.html#wp1010043
Basically you define all necessary VLAN subifs in the global context, then you
use them as inside/outside pairs in each context. A guy called Ge Moua here at
c-nsp sent me a working configuration for this a couple of months ago;
unfortunately I can't get my hands on it anymore. Maybe Ge can kick in and repost
it for you.
Jerome Covini
Quoting Chris Riling <criling at gmail.com>:
> Hey Guys,
>
> Forgive the dumb question, I'm not much of a Cisco security guy... I
> have a 5510 I need to put in transparent mode and I want it to sit in the
> middle of a dot1q trunk and filter traffic for the 4 VLANs traversing the
> trunk between the two switches. What is the best way to do this? As someone
> on the list had pointed out to me once, you should be able to create inside
> and outside VLAN subinterfaces for each VLAN but I'm still a little
> confused... Anyone else have any input? The ASA supposedly does some "tag
> switching" and you need to have the same VLANs have one tag on the inside,
> and another tag on the outside, but I'm not exactly sure how you associate
> each inside VLAN with its respective outside VLAN and vice versa in the
> config...
>
> Thanks,
> Chris
>
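A sketch of the layout described in the reply above, as an added example (not Ge Moua's configuration and not taken from the thread): each context receives one outside and one inside subinterface, and that pairing is what ties an inside VLAN tag to its outside tag. It assumes ASA 7.x with `mode multiple` already enabled and an admin context already defined; the interface numbers, VLAN IDs, context names, file names, addresses and ACL are constructed placeholders, and only two of the four VLANs are shown.

```cisco
! ---- System execution space ----
! In 7.x the firewall mode is set here and applies to every context
firewall transparent
!
! Trunk towards the outside switch (outside tags 110, 120)
interface Ethernet0/0
 no shutdown
interface Ethernet0/0.110
 vlan 110
interface Ethernet0/0.120
 vlan 120
!
! Trunk towards the inside switch (inside tags 10, 20)
interface Ethernet0/1
 no shutdown
interface Ethernet0/1.10
 vlan 10
interface Ethernet0/1.20
 vlan 20
!
! One context per bridged VLAN pair: inside 10 <-> outside 110
context vlan10
 allocate-interface Ethernet0/0.110
 allocate-interface Ethernet0/1.10
 config-url disk0:/vlan10.cfg
!
! inside 20 <-> outside 120
context vlan20
 allocate-interface Ethernet0/0.120
 allocate-interface Ethernet0/1.20
 config-url disk0:/vlan20.cfg
!
! ---- Inside context vlan10 (changeto context vlan10) ----
interface Ethernet0/0.110
 nameif outside
 security-level 0
interface Ethernet0/1.10
 nameif inside
 security-level 100
!
! Management address for this bridge, taken from the bridged subnet
ip address 192.0.2.5 255.255.255.0
!
! Outside-to-inside traffic is dropped unless an ACL permits it
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside
```

The switch on each side must carry the tag used on that side of the ASA, so the same broadcast domain is VLAN 10 on the inside trunk and VLAN 110 on the outside trunk.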