03-21-2007 09:47 AM - edited 03-11-2019 02:50 AM
I am in the process of configuring my ASA5505. I have the Security+ license. I am finding that I have no choice but to use VLANs and then switchport my E0/* interfaces. Is this true, or can I somehow get around this setup and assign IPs and names to E0/* interfaces w/o using VLANs?
03-23-2007 01:06 PM
You've got 20 VLANs available w/ Security+ (but you prob know that already)...
You can't get around using VLANs on interfaces, from what I've experienced...
Any reason why you can't do w/ VLANs and switchporting interfaces vs. assigning IPs/names to interfaces?
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080636f89.html
03-23-2007 08:23 PM
20, really? Thru ASDM must be.
I have experienced the same thing. VLANs rule!
I guess my understanding of VLANs vs. physical ints wasn't up to par, but Magnus solved the puzzle:
Remove the following lines from the config:
nat (DMZ) 1 access-list WEB1
global (outside) 1 webserver_real
And add the following lines:
static (DMZ,outside) webserver_real 192.168.2.2 netmask 255.255.255.255
access-list ACLIN permit tcp any host webserver_real eq 80
I still don't get why the ASA prefers the public IP over the NAT. Wait, I get it. Public IP rules.
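The layout discussed in this thread, as an added example that is not from any of the posters: on the ASA 5505 the name, security level and IP address go on VLAN interfaces, and each E0/* port is placed in one VLAN as an access port. All addresses, VLAN numbers, port assignments and the `access-group` binding are constructed assumptions; only the `static` and `access-list` lines come from the thread, in the syntax posted there.

```text
! Constructed sample values; 203.0.113.x are placeholder public addresses.
names
name 203.0.113.3 webserver_real
!
! Layer 3 settings (nameif, security-level, IP) live on the VLAN interfaces.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Vlan3
 nameif DMZ
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Each physical port is a switchport assigned to exactly one VLAN.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! Static mapping and ACL entry as posted in the thread.
static (DMZ,outside) webserver_real 192.168.2.2 netmask 255.255.255.255
access-list ACLIN permit tcp any host webserver_real eq 80
! Assumption: ACLIN is applied inbound on the outside interface.
access-group ACLIN in interface outside
```

`show switch vlan` lists which ports belong to which VLAN, and `show nameif` confirms the name and security level on each VLAN interface.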