I want information on interface GigabitEthernet0/1.54 to be able to talk to interface GigabitEthernet0/1.17.

i know they are on different Subnet masks, but i want to be able to leave the .54 subinterface and come back in on the .17 interface (through webvpn). It will not hit the site 216.12.5.2(which is the same interface it left to go to the outside world)

BUT i want to be able to do it leaving on the 216.12.5.2 and coming back in on the 216.12.5.2 (same interface)(basically going out to the internet and coming back in) here is my config...

its attached..

Sorry that is confusing - just so I am clear you want traffic from "inside_vlan54" to to be able to go to "inside_vlan17" but look like it came from the "outside" interface?

yes!...however it will have to go out to the internet, then come back in.

but it is on the same IP address. make sense?

Thank you. :)

Since they are using the same interface and same IP i didnt think so.

NOTE TO SELF:

Subinterfaces that share the same IP address will not communicate with each other if they go out to the Internet Cloud!!!!!

THank you!!!!

np - glad to help.

Can you tell me why you need to do it this way, as there might be another way of doing it?

Sure,

I was trying to avoid using our remaining OUTSIDE IP addresses that our ISP gave us and I didnt want to use the Last interface on the ASA.

A way to beat this is two options:

1. Buy a Pix firewall so you would have a separate Interface.

2. Use another Outside IP address different from the one your on that way your leaving a interface and coming back in on a separate interface.

Agree?

Mmmmm - can you draw a diagram on what what you think the traffic flow would be for your solution.