Cisco ASA 5508 in combination with a Meraki 225

Solved
MichaelvanBal
Comes here often

Hi Guys,

I need some help. I'm configuring a Cisco ASA in combination with a Meraki switch.

On the ASA I have configured some VLAN interfaces, for example VLAN 4 (no DHCP).

Now I connect the interface VLAN 4 to switch port 1 in trunk mode, native VLAN 1 and allowed VLAN 4.

The switch is in static mode on the subnet of VLAN 4, but I get no connection to the switch (switch down).

What am I doing wrong?

1 Accepted Solution
Adam
Kind of a big deal

This mostly spells it out.

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Recommended_Configuration_for_Trunk_...

Just make sure the physical interface you are configuring as the trunk is the actual interface connected to your switch trunk and not a sub interface.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

9 Replies
MRCUR
Kind of a big deal

Is the interface on the ASA configured as a trunk port? It sounds like you may have it as an access port on the ASA side but trunk on the MS side.

In general, MS switches want to tag their management traffic.

MRCUR | CMNO #12
MichaelvanBal
Comes here often

Hi MRCUR, thanks for your reply.

Below are the ASA interface (I have VLAN 4; this is another VLAN as an example) and the Meraki switch port.

[Attached images: asa int.JPG, meraki.JPG]

ww
Kind of a big deal

So you set up the Meraki switch on the local status page with the gateway to the ASA? Can you ping the Meraki management IP from the ASA?

MichaelvanBal
Comes here often

I have entered in the LAN IP:

IP address: XXX.XXX.4.XXX

VLAN: 4

Subnet: 255.255.255.0

Gateway: XXX.XXX.4.1 (IP address of the interface of the ASA with VLAN 4 set up)

DNS: XXX.XXX.4.XXX

PhilipDAth
Kind of a big deal

In the ASA screenshot the VLAN ID is 46 - not 4.
MichaelvanBal
Comes here often

Correct, it is an example of another ASA.

MichaelvanBal
Comes here often

Does anyone have an example of connecting an ASA to a Meraki where the ASA has the VLAN interfaces?

PhilipDAth
Kind of a big deal

Do you have a notebook or desktop with a NIC that supports VLAN tags? If so, I would plug a notebook directly into the ASA with a VLAN tag of 4 and make sure you can access the Internet. This will verify the NAT and access-rules on the ASA allow that VLAN to get to the Internet.

I believe your tagging and trunking configuration are correct. I am more suspicious that the ASA is now allowing the traffic out.

On the MS, does the local status page give any reason? For example, does it say it has a DNS problem, or a default gateway problem, etc.?
