Re: IPS INLINE VLAN

From: estela Mathew <estelamathew_at_gmail.com>
Date: Thu, 10 Feb 2011 17:46:26 +0400

Hello Carlos,

Thanks for your reply. Please confirm the steps for my configuration:

   - Inline vlan pair between vlan 2 and vlan 3 on gig0/0 of IPS

   - Connect ASA-SW to DMZ-SW via an access link in vlan 3, because the servers
   will be in vlan 2 and the ASA-SW port connecting to DMZ-SW will be in vlan
   3.

THE TRAFFIC FLOW

Please tell me if it is wrong:

   - From the servers, traffic is hitting the default gateway, i.e. the ASA-DMZ interface
   - It will be hitting vlan 2 on the switch; the broadcast will be on the IPS, and the
   mapping of vlan 2 and vlan 3 will broadcast it on vlan 3
   - On the vlan 3 ports of DMZ-SW the broadcast will be received and will be forwarded
   to the ASA-SW interface and to the ASA on vlan 3.

Please confirm whether the above steps are correct. Waiting for your replies, friends.

Thanks

On Thu, Feb 10, 2011 at 5:21 PM, Samuel Jack <jacksamuel32_at_gmail.com> wrote:

> Hello Carlos,
>
> Very good explanation.
>
> Can you explore the paragraph below more? I have understood it, but I want to be
> more clear:
>
>
> Do you have the same vlans in both switches already ? If not,
> the link can be an access link joining the ASA-SW DMZ vlan to
> a DMZ-SW outside vlan. Then create an inside vlan and put
> both (inside and outside) in a trunk port to the IPS.
>
>
> What I understood from your above mail is:
>
>
> 1. If I want to go with an inline vlan pair, then the inside and outside
> interface will be the same.
> 2. I have to connect ASA-SW to DMZ-SW.
>
>
> I have only 1 subnet. Can you explain the traffic flow to me?
>
>
>
> Thanks
>
>
>
> On Thu, Feb 10, 2011 at 3:31 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>
>> Estela,
>> if you have to use an inline vlan pair, then inside and outside of the IPS
>> are going to be in the same interface.
>>
>> You say you have two switches, you will have to connect them somehow,
>> so both inside and outside can be vlans of the DMZ-switch.
>>
>> Do you have the same vlans in both switches already ? If not,
>> the link can be an access link joining the ASA-SW DMZ vlan to
>> a DMZ-SW outside vlan. Then create an inside vlan and put
>> both (inside and outside) in a trunk port to the IPS.
>>
>> -Carlos
>>
>> estela Mathew @ 10/02/2011 03:52 -0300 dixit:
>>
>>> Hello,
>>>
>>> Topology:
>>>
>>> ASA------>ASA-SW------->IPS-------->DMZ-SW-------->Servers
>>>
>>> I have a DMZ on my ASA. I have kept the IPS in between the ASA and the servers. I
>>> have an IPS 4240 and I want to configure an inline vlan pair. How can I do it?
>>>
>>> IPS gig0/0 is connected to DMZ-SWITCH and IPS gig0/1 is connected to
>>> ASA-SWITCH. What will be the vlan pair? I have only 1 subnet in the DMZ,
>>> 192.168.10.0/27.
>>>
>>> Please don't suggest IPS inline interface pair, because I know it can work
>>> easily. The customer is insisting that I do inline vlan pairing.
>>>
>>> I have seen the configuration example from Cisco but I still have
>>> doubts. Suppose I create a vlan pair between vlan 1 and vlan 2 on gig0/0,
>>> then what pairing will be on gig0/1, which is connected to ASA-SW? I have
>>> only 1 subnet in the DMZ.
>>>
>>> Please help
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Thu Feb 10 2011 - 17:46:26 ART

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART
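
Added example, not part of the original thread: a toy Python model of the layer-2 path the messages above describe (servers in vlan 2, the ASA-SW access link in vlan 3, both vlans trunked to one IPS interface as an inline vlan pair). The port names, the two server ports and the function names are assumptions; it models broadcast flooding only and is not Cisco configuration.

```python
# Added illustration: a toy layer-2 model of the design in this thread.
# Port names, the two server ports and the function names are assumptions.

PAIR = {2: 3, 3: 2}      # inline VLAN pair on the single sensor interface
IPS_PORT = "ips-g0/0"

# DMZ-SW ports -> VLANs carried (one VLAN = access port, two = trunk)
DMZ_SW = {
    "server-a": {2},     # servers stay in VLAN 2 (inside)
    "server-b": {2},
    IPS_PORT:   {2, 3},  # trunk carrying inside and outside VLANs to the IPS
    "asa-sw":   {3},     # access link towards ASA-SW and the ASA DMZ interface
}


def flood(in_port, vlan):
    """Ports a broadcast leaves on: members of the VLAN except the ingress port."""
    return sorted(p for p, vlans in DMZ_SW.items() if vlan in vlans and p != in_port)


def ips_bridge(vlan):
    """The sensor inspects a tagged frame and returns it with the paired tag."""
    return PAIR.get(vlan)


def deliver(src_port, sensor_inline=True):
    """Return (port, vlan, inspected) for every port a broadcast from src_port reaches."""
    (vlan,) = DMZ_SW[src_port]                 # source must be an access port
    reached, pending = [], [(src_port, vlan, False)]
    while pending:
        in_port, v, inspected = pending.pop()
        for out in flood(in_port, v):
            if out != IPS_PORT:
                reached.append((out, v, inspected))
            elif sensor_inline and ips_bridge(v) is not None:
                # frame re-enters the switch on the same port, in the other VLAN
                pending.append((IPS_PORT, ips_bridge(v), True))
    return reached


if __name__ == "__main__":
    print(deliver("server-a"))                        # ARP for the gateway
    print(deliver("asa-sw"))                          # reply direction
    print(deliver("server-a", sensor_inline=False))   # sensor not bridging
```

In this model a server's broadcast reaches the ASA side only after the sensor retags it from vlan 2 to vlan 3, while traffic between servers inside vlan 2 never crosses the sensor.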