Hey,
So basically the ASA 5512-X is handling traffic from the inside to the outside and the SG300 is doing routing between the VLANs.
But the ASA 5512-X is also routing our VLANs to our DHCP server. Is this something the SG300 is supposed to be doing, or is it fine for the ASA 5512-X to be doing this?
The reason I ask is that I read it's best practice to have the firewall do no internal routing and to strictly keep it as a "firewall".
So this is how it would work if I created a new VLAN:
- Create DHCP scope on the Windows DHCP server
- Create the VLAN in the SG300
- Apply any ACL between the new VLAN and the others in the SG300
- Route the new VLAN in the ASA 5512-X to the switch, e.g. (route inside 172.25.30.0 255.255.255.0 10.230.1.254)
- NAT the new VLAN on the 5512-X so that it can access the internet