NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jaflorio's avatar
jaflorio
Aspirant
Apr 08, 2019
Solved

Netgear GS116E-200PES Gigabit-Switch (16-Port) Vlan compatibility with Cisco ASA

I'm having a problem with my Netgear GS116E Gigabit-Switch (16-Port) and a Cisco ASA 5505 firewall.

The Netgear switch is configured with 3 VLAN's - have tried both advanced port as well as basic - no difference. I've upgraded the firware to the latest 1.6.0.5. VLAN1 = Inside -192168.1.x network, VLAN2 = Inside2 - 10.1.1.x network, and VLAN3 Outside - 172.16.1.x.

I have two firewalls Palo Alto on VLAN1 (inside) and VLAN3 outside - works just fine.

When I connect Cisco ASA to VLAN2 (inside) and VLAN3 outside, my 10.1.1.x hosts cannot get through the ASA, and often do not get a dhcp address from the ASA. Isolating the Cisco ASA on another switch (Linksys) fixes the problem. Both networks work through the two firewalls now.

Is there a known issue with Cisco ASA 5505's and Netgear GS116E Gigabit-Switch (16-Port)? I don't think it's a VLAN configuration issue, pretty straightforward. I've also hard coded both Cisco ASA 5505 and the Netgear GS116E-200PES Gigabit-Switch (16-Port) to 100M Full duplex as that's the speed of the ASA interfaces. Realize this is old equipment, hust hoping someone has run into this issue before 

  • jaflorio's avatar
    jaflorio
    Apr 10, 2019

    Thanks JohnCarloV. I moved all connections to a Linksys switch as a test, no configuration changes, etc., and it worked everything worked perfectly - 2 Firewalls (Palo Alto) and (Cisco) serving two diff subnets - 3 VLAN's through one ISP.

    This can be closed, not going to troubleshoot further. Will use the GSS116E as a regular switch, just one VLAN.

2 Replies

  • JohnC_V's avatar
    JohnC_V
    NETGEAR Employee Retired
    Apr 09, 2019

    Hi jaflorio,

     

    Welcome to our community! :)

     

    We haven't encountered any issue regarding the GS116Ev2 connecting to Cisco ASA 5505 Firewall. Were you able to test if it is working by default without any VLANs? If the Cisco firewall is set to trunk then you may just need to Tag the ports on the GS116Ev2 in order for the Tag traffic to pass through the switch.

     

    Regards,

     

    JohnCarloV

    NETGEAR Community Team

    • jaflorio's avatar
      jaflorio
      Aspirant
      Apr 10, 2019

      Thanks JohnCarloV. I moved all connections to a Linksys switch as a test, no configuration changes, etc., and it worked everything worked perfectly - 2 Firewalls (Palo Alto) and (Cisco) serving two diff subnets - 3 VLAN's through one ISP.

      This can be closed, not going to troubleshoot further. Will use the GSS116E as a regular switch, just one VLAN.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More