001. INTER-VLAN ROUTING ON THE ASA FIREWALL
Every ASA has one or more interfaces that can be used to connect to some other part of the network so that traffic can be inspected and controlled. ASA interfaces can be physical, where actual network media cables connect, or logical, where the interfaces exist internally and are passed to the network over a physical link.
The ASA can be configured with sub-interfaces, as you can on a Cisco router using the feature commonly known as “Router-on-a-Stick”. As this article shows, the ASA can act as a layer 3 routing device and perform many of the functions a router does. The main focus of this article is configuring the Cisco ASA firewall to perform inter-VLAN routing between the four VLANs configured on the LAN: ICT, HR, FINANCE, and PROCUREMENT.
As shown in the following figure, PC1 is in the ICT VLAN, PC2 is in the HR VLAN, PC3 is in the FINANCE VLAN, and PC4 is in the PROCUREMENT VLAN. These four PCs should be able to communicate with one another over the ASA sub-interfaces.
NETWORK TOPOLOGY DIAGRAM
The following diagram shows the sub-interfaces configured on the Cisco ASA to support inter-VLAN routing.
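As an added example (not the article's own configuration), this is one way to express the sub-interfaces in ASA CLI for VLANs 10, 20, 30 and 40. The physical interface GigabitEthernet0/1, the 192.168.x.0/24 addressing, the nameif labels and the shared security level of 100 are assumptions chosen for illustration.

```cisco
! Added example: all interface names, addresses and security levels are assumed.
! The parent interface carries the 802.1Q trunk and has no name or address itself.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One sub-interface per VLAN; the address is the default gateway for that VLAN.
interface GigabitEthernet0/1.10
 vlan 10
 nameif ICT
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif HR
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif FINANCE
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/1.40
 vlan 40
 nameif PROCUREMENT
 security-level 100
 ip address 192.168.40.1 255.255.255.0
!
! By default the ASA drops traffic between interfaces that share a security
! level. This command is what lets the four equal-level VLANs reach each other.
! With unequal levels, traffic from a lower to a higher level would instead
! need an explicit ACL permit.
same-security-traffic permit inter-interface
```

`show nameif` and `show interface ip brief` confirm that the sub-interfaces are named and up. This configuration lets every VLAN reach every other one; where a department such as FINANCE should be less exposed, apply an inbound interface ACL with `access-group` on the relevant sub-interfaces to narrow what may pass.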
Now let us look at the corresponding VLANs on the switch, as shown in the figure below.
TESTING INTER-VLAN ROUTING
We will now test traffic flowing from one VLAN to another, starting from PC1 in VLAN 10 to PC2 (VLAN 20), PC3 (VLAN 30) and PC4 (VLAN 40), as shown below.