ASA 5505 with Security plus license vlan/subnet issues

Unanswered Question
Jan 15th, 2008

Hi,

I'm having some network design problems.

I think it will be easier to describe what I want to do first.

I have 3 small customers (1-4 employees) which will share internet connectivity and a large printer. Their office is within the same building. Other than that, they should not be able to "see" each other.

I thought of making 3 subnets / VLANs:

Interface 0: DHCP (sec level 0)

Interface 1: VLAN 10 10.10.10.0/27 (sec level 100)

Interface 2: VLAN 20 10.10.10.32/27 (sec level 100)

Interface 3: VLAN 30 10.10.10.64/27 (sec level 100)


Firewall in routed mode.


What I am experiencing right now is that I am not able to ping across VLANs.

I have not made any configuration other than what is necessary for creating the VLANs.

I also used the command: same-security-traffic permit inter-interface.

This should work because the Security Plus license gives 20 VLANs, with trunking capabilities.

Am I doing anything wrong? I really can't see what the problem is.

Regards,

Ibrar



jskochan Tue, 01/15/2008 - 05:57

Since ICMP is not a stateful connection, you will probably need to make an access list permitting ICMP echo-reply. Just for troubleshooting, apply an access list permitting ICMP any any to each interface.


Hope this helps.

Jeff

srue Tue, 01/15/2008 - 06:12

You can optionally enable ICMP inspection, which then treats ICMP as stateful.

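The two suggestions from the replies above, written out as ASA configuration. This is an added example, not configuration posted by anyone in the thread; the interface names (cust1, cust2), the ACL names, the .1 and .33 gateway addresses, and the presence of the default global_policy are assumptions.

```cisco
! Two of the customer VLANs from the question (gateway addresses assumed)
interface Vlan10
 nameif cust1
 security-level 100
 ip address 10.10.10.1 255.255.255.224
!
interface Vlan20
 nameif cust2
 security-level 100
 ip address 10.10.10.33 255.255.255.224
!
! Already in the question: lets equal-security interfaces talk to each other
same-security-traffic permit inter-interface
!
! Suggestion 1 (troubleshooting only): permit ICMP with an interface ACL.
! An ACL applied to an interface ends in an implicit deny, so while this
! one-line ACL is applied, everything from that interface except ICMP is
! dropped, including the customers' internet traffic.
access-list CUST1_IN extended permit icmp any any
access-list CUST2_IN extended permit icmp any any
access-group CUST1_IN in interface cust1
access-group CUST2_IN in interface cust2
!
! Remove the troubleshooting ACLs once the ping test is done
no access-group CUST1_IN in interface cust1
no access-group CUST2_IN in interface cust2
!
! Suggestion 2: ICMP inspection. The ASA tracks each echo request and
! only lets the matching echo-reply back through, so no standing
! "permit icmp any any" rule is needed.
policy-map global_policy
 class inspection_default
  inspect icmp
```

With inspection enabled, unsolicited echo-replies are still dropped, which fits the stated goal of keeping the three customers from seeing each other better than a blanket ICMP permit on every interface.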