ASA 5505 issues with multiple interface vlans

Unanswered Question
Feb 18th, 2008

Hi,





I am experiencing some network issues for some time now, and this is a hair-losing project.


I need to create 5 networks for my customers. They are placed in the same building. They will share internet connectivity and a large printer. Other than that they should not be able to "see" each other.


I have made 5 inside Subnets / vlans:


OUTSIDE:

Interface 0: VLAN 100 DHCP (sec level 0)


INSIDE:

Interface 1: VLAN 10 10.10.10.0/27 (sec level 100)

Interface 2: VLAN 20 10.10.10.32/27 (sec level 100)

Interface 3: VLAN 30 10.10.10.64/27 (sec level 100)

Interface 4: VLAN 40 10.10.10.96/27 (sec level 100)

Interface 5: VLAN 1 10.10.10.128/27 (sec level 100)


Firewall in routed mode.



My problem is that when I have typed the same-security-traffic permit inter-interface command in the CLI, I can access the networks across the interface VLANs. BUT... I don't have any internet connection.

When I remove the command, I have internet connection but cannot access the inside networks!


I think that is a NAT issue, but I really tried everything.

I don't think it is an issue with access rules because it's permitting any traffic on the inside networks, and denying outside.

The question is: is it possible at all? And if it is, what am I missing?


Any hints are at this point welcome.



This should work because the Security Plus license gives 20 VLANs and trunking capabilities.






Regards,

Ibrar

jbrunsting Mon, 02/18/2008 - 08:11

A little clarification: I thought you said you want the five internal networks to access the internet, but not each other? Sounds like that's exactly what's happening. However, I'm not sure where the printer should be...maybe put it in its own network with security level 50? Is that where you're having the trouble?

ibrarmohammad Mon, 02/18/2008 - 14:46

Well... both yes & no.

I would like for a start that all inside networks can communicate with each other and have the possibility to access the internet simultaneously.


I have actually prepared VLAN 1 for sharing resources. Well, I haven't tried setting the security level down, but can't it work without setting the security level down?


