ASA 5505 with Security plus license vlan/subnet issues

Unanswered Question
Jan 15th, 2008
User Badges:


Im having some network design problems.

I think it will be easier to describe what i want to do first.

I have 3 small customers (1-4 employees) which will share internet connectivity and a large printer. Their office is within the same building. other than that they should not be able to "see" eachother.

I thought of making 3 Subnets / vlans:

Interface 0: DHCP (sec level 0)

Interface 1: VLAN 10 (sec level 100)

Interface 2: VLAN 20 (sec level 100)

Interface 3: VLAN 30 (sec level 100)

Firewall in routed mode.

What i am experiencing right now, that i am not able to ping across vlans.

i have not made any other configuration other than the neccessary for creating the vlans.

I also used the command: same-security-traffic permit inter-interface.

This should work because of the security plus license gives 20 vlans and with trunking capabilities.

Am i doing anything wrong, i really cant see what the problem is.?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jskochan Tue, 01/15/2008 - 05:57
User Badges:

Since ICMP is not a stateful connection. You will probably need to make some Access list permitting ICMP Echo-Reply. Just for trouble shooting apply some access list permit ICMP Any any to each interface.

Hope this helps.


srue Tue, 01/15/2008 - 06:12
User Badges:
  • Blue, 1500 points or more

you can optionally enable icmp inspection - which then treats icmp as stateful.


This Discussion