asa VLAN problem

ronin2307
Level 1

Hi,

I have an ASA5510 with the SecPlus license.

Currently physical interfaces 0/0 and 0/1 are in use:

0/0 outside

0/1 inside

I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7, which I called testvlan.

What I would like to do is enable traffic between 0/1 and 0/2.7.

I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface.

I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside)

or

I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7.

Any help as far as the proper configuration is concerned would be very appreciated.

Thanks

3 Replies

a.alekseev
Level 7

Show the configuration...

This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,testvlan) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

If I add this

nat (testvlan) 1 0.0.0.0 0.0.0.0

then nothing flows between 0/1 and 0/2.7, but I can go out to the internet by IP only.

This is also enabled:

same-security-traffic permit inter-interface

Both interfaces are configured at 100 level.

Was that enough info?

Thanks
