You are right - your ASCII art is bad.... :-) Why do people insist on using one big switch an VLANs... OUCH! This just makes thing more complicated and very dangerous should someone misconfigure the switch - with a small bit of reconfiguration, you can bypass the ASA altogether...
Normally I would
Internet-Router
|
Some other SWITCH
|
ASA 5520
|
CATALYST
And if you want, run trunking between the ASA and CAT
so that you effectively get more interfaces on the ASA
Regards
Andrew
On 20/12/2007, at 4:12 PM, jgrumbles wrote:
I am absolutely horrible at text images/graphs, here is a Visio that can clear things up hopefully. Now that I've drawn it out this way it helps me more even. Someone suggested that it should hang of the same network as Gi0/1 which makes senes to me now.
smime.p7s
Description: S/MIME cryptographic signature
