ASA VLAN problem

Unanswered Question
Jul 10th, 2008


I have an ASA5510 with the SecPlus license.

Currently physical interfaces 0/0 and 0/1 are in use:

0/0 outside

0/1 inside

I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7, which I called testvlan.

What I would like to do is enable traffic between 0/1 and 0/2.7.

I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface.

I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside),

or I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7.

Any help as far as the proper configuration is concerned would be very appreciated.


a.alekseev Thu, 07/10/2008 - 13:35

show the configuration...

ronin2307 Thu, 07/10/2008 - 13:38

This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace.

global (outside) 1 interface

nat (inside) 1

static (inside,testvlan) netmask

If I add this

nat (testvlan) 1

then nothing flows between 0/1 and 0/2.7, but I can go out to the internet by IP only.

This is also enabled:

same-security-traffic permit inter-interface

Both interfaces are configured at 100 level.

