Making sense of the Cisco ASA documentation


  • I survived the hour long Uno hand

    Ok, so I give up on trying to Google-fu my way to an answer to this...

    We have a network that looks roughly like:

    Clients
        |
        |
    Cisco Catalyst Switches (one 49xx series stack, plus 2 independent 4948 switches) 
        |
        |
    Cisco ASA 55XX -- Internet
    

    For raisins, the current network is set up so that one of the Catalyst switches is configured as the default gateway, and it's performing Layer 3 routing to the ASA, which then does the NAT needful and sends traffic on its merry way to the Internet.

    We're investigating splitting the servers into their own separate VLAN and subnet, and were thinking from a configuration and management perspective that it would make more sense to have the ASA become the gateway for all of our subnets, and let it handle routing (or blocking) traffic between servers, clients, guests, Internet, etc. as appropriate. Complicating matters, however, is the fact that there are really 3 separate Cisco Catalyst switches (from a logical perspective) -- 2 that aren't stackable and a stack of 5 switches. While these switches are connected to each other in a way that they form a proper spanning tree loop, I would like to have at least two uplinks to the ASA. Is it possible to "switch" two physical ports together on the ASA as uplink ports to our switching infrastructure? And then have the ASA terminate all VLANs from the switching infrastructure on that bridged/switched interface so we can have separate sub-interfaces in separate security zones, etc?

    I find it frustrating that I could have been done setting this up on a MikroTik, at 10% of the hardware cost, by the time I finished typing out this post. Enterprise grade is for the birds...
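The layout the post asks about (two physical ASA ports bundled into one uplink, every VLAN terminated as its own sub-interface in its own security zone), written out as an added example that is not from this thread. It assumes an ASA running 8.4 or later on a model that supports EtherChannel (5510 and larger; the 5505 does not), that both bundled ports land on the same switch stack so the switch side can form an LACP trunk, and placeholder VLAN IDs and RFC 5737 addresses.

```text
! Added example, not a config from the thread. Placeholders: VLAN IDs,
! addresses, interface names. Requires ASA 8.4+ on a 5510-or-larger model.
!
! Two physical ports joined into one LACP EtherChannel facing the switch stack.
interface GigabitEthernet0/0
 channel-group 1 mode active
 no shutdown
interface GigabitEthernet0/1
 channel-group 1 mode active
 no shutdown
!
! The bundle itself carries no IP; it is only a trunk for the sub-interfaces.
interface Port-channel1
 no nameif
 no security-level
 no ip address
!
! One 802.1Q sub-interface per VLAN, each in its own security zone.
interface Port-channel1.10
 vlan 10
 nameif clients
 security-level 50
 ip address 192.0.2.1 255.255.255.0
interface Port-channel1.20
 vlan 20
 nameif servers
 security-level 60
 ip address 198.51.100.1 255.255.255.0
interface Port-channel1.30
 vlan 30
 nameif guests
 security-level 10
 ip address 203.0.113.1 255.255.255.0
!
! Security levels only set the default direction; inter-VLAN policy still
! needs explicit ACLs. Example: guests reach the Internet but not servers.
access-list guests_in extended deny ip any 198.51.100.0 255.255.255.0
access-list guests_in extended permit ip any any
access-group guests_in in interface guests
```

The switch side needs a matching LACP port-channel configured as an 802.1Q trunk carrying VLANs 10, 20 and 30, and the switch stops being the default gateway for those subnets once the ASA sub-interfaces take that role.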



  • @izzion said in Making sense of the Cisco ASA documentation:

    I find it frustrating that I could have been done setting this up on a MikroTik, at 10% of the hardware cost, by the time I finished typing out this post.

    I bet...

