Cisco – ASA 5510 + 3550

cisco cisco-asa ethernet firewall routing

I'm looking to host a few workloads for friends. I have an ASA5510 and a 3500 switch. We plan to have a few VLANs behind the switch, all sharing the single internet connection. I was thinking of trunking a port from the ASA to the 3500, configuring sub-interfaces on the ASA for each VLAN and having the switch point to the ASA for default traffic.

My question is, with regards to the routing side, do I assign an IP to the SVI for each VLAN on the switch (i.e. int VLAN20, ip address 192.168.20.1 255.255.255.0) and have the next hop pointing to the ASA's sub-interface for that VLAN? I guess that would mean I'd need a default route for each VLAN?

What are the suggestions?

Best Answer

My question is, with regards to the routing side, do I assign an IP to the SVI for each VLAN on the switch (i.e. int VLAN20, ip address 192.168.20.1 255.255.255.0) and have the next hop pointing to the ASA's sub-interface for that VLAN? I guess that would mean I'd need a default route for each VLAN?

Since you're building an ASA subinterface (with an IP address), it is more work to add a Layer 3 SVI on the 3550. If you have a subinterface on the ASA and an SVI on the 3550, then you need static / dynamic routing between the ASA and 3550. If you do not add an SVI on the 3550, you need no special routing between them.

Trunk all your 3550 VLANs as dot1q through (Fa0/1 below) to the ASA interface (Gi0/0 below), and default your users through that ASA's IP address on the appropriate VLAN.

                  +---------+ Gi0/0      Fa0/1 +------+
Internet <--------|   ASA   |------------------| 3550 |
                  +---------+       dot1q      +------+
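The configuration the answer describes, written out as an added example (it is not from the answer or the original post). Interface names follow the answer's diagram; the VLAN numbers (10 and 20), the 192.168.x.0/24 and 203.0.113.0/24 addresses, the nameif values, and ASA 8.3+ object NAT syntax are all assumptions. Note that the 192.168.20.1 address the question planned for the switch SVI moves to the ASA subinterface, and that the 3550 stays Layer 2 only, so the only route on the ASA is the default toward the Internet.

```cisco
! ===== ASA side (example, assumed names and addresses) =====
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
 no shutdown
!
! Physical trunk port: no nameif, no IP. Untagged frames arriving here have
! nowhere to go, which is why the switch side uses an unused native VLAN.
interface GigabitEthernet0/0
 description dot1q trunk to 3550 Fa0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 vlan 10
 nameif inside-vlan10
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 vlan 20
 nameif inside-vlan20
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Both subnets are directly connected; only the default route is needed.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Inter-VLAN traffic now crosses the ASA and is filtered like any other
! interface pair. With the security levels above, VLAN 10 -> VLAN 20 is
! permitted and VLAN 20 -> VLAN 10 is dropped by default; stating the
! policy explicitly avoids surprises when levels are changed later.
access-list vlan20-in extended deny ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vlan20-in extended permit ip 192.168.20.0 255.255.255.0 any
access-group vlan20-in in interface inside-vlan20
!
! PAT each inside subnet behind the outside interface address.
object network vlan10-net
 subnet 192.168.10.0 255.255.255.0
 nat (inside-vlan10,outside) dynamic interface
object network vlan20-net
 subnet 192.168.20.0 255.255.255.0
 nat (inside-vlan20,outside) dynamic interface

! ===== 3550 side (example, Layer 2 only: no "interface Vlan20" with an IP) =====
no ip routing
!
vlan 10
 name friends-a
vlan 20
 name friends-b
vlan 999
 name unused-native
!
interface FastEthernet0/1
 description dot1q trunk to ASA Gi0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 description host in VLAN 20, default gateway 192.168.20.1 (the ASA)
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
```

To check the result: `show interfaces fa0/1 trunk` and `show vlan brief` on the 3550 should show Fa0/1 trunking with VLANs 10 and 20 allowed and active, and `show interface ip brief` plus `show route` on the ASA should list the two subinterfaces as up with 192.168.10.0/24 and 192.168.20.0/24 as connected routes. Pruning the allowed VLAN list and disabling DTP (`switchport nonegotiate`) keeps the trunk from carrying VLANs the ASA has no subinterface for. The number of subinterfaces an ASA 5510 accepts is limited by its license, so check `show version` before planning many VLANs.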