001. INTER-VLAN ROUTING ON THE ASA FIREWALL

 

 

 

Every ASA has one or more interfaces that can be used to connect to some other part of the network so that traffic can be inspected and controlled. ASA interfaces can be physical, where actual network media cables connect, or logical, where the interfaces exist internally and are passed to the network over a physical link.

 

The ASA can be configured with sub-interfaces, as you can on a Cisco router using the feature commonly known as “Router-on-a-Stick”. As this article shows, the ASA can act as a Layer 3 routing device and perform many of the functions a router does. The main focus of this article is configuring the Cisco ASA firewall to perform inter-VLAN routing between the four VLANs configured on the LAN: ICT, HR, FINANCE, and PROCUREMENT.

 

As shown in the following figure, PC1 is in the ICT VLAN, PC2 is in the HR VLAN, PC3 is in the FINANCE VLAN, and PC4 is in the PROCUREMENT VLAN. These four PCs should be able to communicate with one another over the ASA sub-interfaces.

 

NETWORK TOPOLOGY DIAGRAM

 

 

 

The following diagram shows the sub-interfaces configured to support inter-VLAN routing on the Cisco ASA.

 

 

 

Now let us look at the corresponding VLANs on the switch, as shown in the figure below.

 

 

 

TESTING INTER-VLAN ROUTING

We will now test traffic flowing from one VLAN to another, starting from PC1 in VLAN 10 to PC2 (VLAN 20), PC3 (VLAN 30) and PC4 (VLAN 40), as shown below.

 

PC1

 

 

 

PC2

 

 

 

PC3

 

 

 

PC4

 

 

 

 

THE END.

 

 
