Most of the time when we deploy an ASA 5505 to a client site, there is typically a single subnet behind the ASA that has all of the client's devices. The ASA's inside interface is defined as the default gateway for the hosts on the subnet and life is good. Once you do enough of these types of deployments it becomes the norm and you forget that there are other network configurations available. The most typical large-scale (enterprise-level) deployment involves creating what I like to call a 'com' or communication network. This is almost a necessity to have when you have more than one edge device terminating connections.

For instance, take a look at the configuration below.

One ASA with a single subnet behind it. Pretty standard, right? This works great in some deployments, but it has its flaws. For one, what happens when you add more external network links? Say the company outgrows its site-to-site VPN solution and needs to put a dedicated point-to-point circuit between two offices. Since the ASA isn't capable of terminating a circuit like this, it needs to terminate somewhere else. In most cases the company will purchase a router and terminate the circuit in a WIC card installed on that router. Now, where does the inside interface of that router go? Let's take a look at the diagram below, which shows a significantly larger infrastructure.

Now we have something that resembles a full network infrastructure. In the diagram above we have two edge devices. One is the firewall, which terminates the internet connection, and the second is the router, which terminates the point-to-point circuit between the offices. Additionally, we added a layer 3 switch which aggregates traffic between the users and the edge devices. For those of you who don't know, a layer 3 switch is essentially a switch that can also route IP. This means that the switch functions both at the data link layer (layer 2), switching frames, and at the network layer (layer 3), routing packets. In addition to defining VLANs like any other layer 2 switch, a layer 3 switch can define IP interfaces on those VLANs. Cisco calls these interfaces SVIs, or switched virtual interfaces. The switch sees all of the defined interfaces as directly connected routes. What this means is that the layer 3 switch can route between any of the VLANs that have SVIs defined on them. So in the above example, let's say we have two VLANs defined on the layer 3 switch.
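To make the 'com' network design concrete, here is an added configuration sketch (written for this page, not taken from the original post or from any real deployment) of the three pieces described above: the layer 3 switch with its user VLAN SVIs, the ASA whose inside interface sits on the com network, and the router that terminates the point-to-point circuit. Every hostname, interface name, VLAN number and IP address is an assumption; the user VLANs use the summary 10.1.0.0/16, the remote office is 10.2.0.0/16, and 10.1.99.0/24 is the shared com network.

```cisco
! ===== Layer 3 switch (hostname, VLANs and addresses are assumed) =====
hostname L3SW
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name COM
!
! SVIs: the switch treats each of these as a directly connected route and
! routes between them. Hosts in VLAN 10/20 use the SVI as their gateway,
! not the ASA.
interface Vlan10
 description Users - SVI is the hosts' default gateway
 ip address 10.1.10.1 255.255.255.0
interface Vlan20
 description Servers
 ip address 10.1.20.1 255.255.255.0
interface Vlan99
 description 'com' network shared with the edge devices
 ip address 10.1.99.1 255.255.255.0
!
! Both edge devices plug into the com VLAN
interface GigabitEthernet1/0/1
 description ASA inside
 switchport mode access
 switchport access vlan 99
interface GigabitEthernet1/0/2
 description WAN router LAN side
 switchport mode access
 switchport access vlan 99
!
! Internet goes to the firewall, the remote office goes to the router
ip route 0.0.0.0 0.0.0.0 10.1.99.2
ip route 10.2.0.0 255.255.0.0 10.1.99.3

! ===== ASA 5505 (inside is now the com network, not the user subnet) =====
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.99.2 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! The ASA only knows 10.1.99.0/24 as connected. Without the routes back
! through the switch, replies to 10.1.10.0/24 would follow the default
! route out the outside interface - a classic "cannot ping" failure.
route inside 10.1.0.0 255.255.0.0 10.1.99.1 1
route inside 10.2.0.0 255.255.0.0 10.1.99.1 1
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! ===== WAN router (terminates the point-to-point circuit in a WIC) =====
hostname WANRTR
interface Serial0/0/0
 description Point-to-point circuit to the remote office
 ip address 192.0.2.1 255.255.255.252
interface GigabitEthernet0/0
 description Inside interface, on the com network
 ip address 10.1.99.3 255.255.255.0
!
ip route 10.2.0.0 255.255.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 10.1.99.1
```

The check worth doing after a change like this is `show route` on the ASA and `show ip route` on the switch and router: every subnet that sits behind the switch must appear on each edge device with the switch's com address as next hop, otherwise return traffic leaks out the wrong interface. Note also that user-to-remote-office traffic now goes switch to router without touching the firewall; that is the intent of a dedicated circuit between two offices, but it means any filtering between the sites has to live on the router or the switch, not the ASA.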