To check the licence level of your ASA, use this command
show licence
and post up the results. I'm almost willing to bet you only have BASE. In which case, two immediate questions
come to mind :
a) how many VLANs did you need for your existing setup, and do you see that growing in the near future?
b) is there a particular reason you need to make it so complex... I can understand about having the 2811 route
(and possibly NAT), and have the ASA for security, but at this point you're overcomplicating things, especially
with this setup you're now proposing
said by bvn63:Internet --> Linksys WRT54GL --> ASA 5505 --> Router 2811 --> Switch 2950
My 00000010bits -- stick to the KISS principle with your setup. If you REALLY need BOTH the ASA and the 2811, a possible
better design to maximize each device's strengths would be to have the ASA do the NAT and security, but
set up a /30 connection to one of the routed interfaces on the 2811. You then use the 2nd routed interfaces
to do the subints and trunking to the 2950 BUT NO NAT on the 2811, ie. something like this :
ASA NAT OUTSIDE / DHCP address assigned by ISP
|
ASA NAT INSIDE / 192.168.1.1/30
|
2811 / FE0 / 192.168.1.2/30
|
2811 / FE1.2 / 192.168.2.0/24
2811 / FE1.3 / 192.168.3.0/24
2811 / FE1.4 / 192.168.4.0/24
2811 / FE1.5 / 192.168.5.0/24
...
|
|
trunk int to 2950
|
|
V
Regards