ASA VLAN problem

Jul 10th, 2008

Hi,

I have an ASA5510 with the SecPlus license.

Currently physical interfaces 0/0 and 0/1 are in use:

0/0 outside

0/1 inside

I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7, which I called testvlan.

What I would like to do is enable traffic between 0/1 and 0/2.7.

I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface.

I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside)

or

I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7.

Any help as far as the proper configuration is concerned would be very appreciated.

Thanks

a.alekseev Thu, 07/10/2008 - 13:35

show the configuration...

ronin2307 Thu, 07/10/2008 - 13:38

This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace.

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,testvlan) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

If I add this

nat (testvlan) 1 0.0.0.0 0.0.0.0

then nothing flows between 0/1 and 0/2.7, but I can go out to the internet by IP only.

This is also enabled:

same-security-traffic permit inter-interface

Both interfaces are configured at 100 level.

