ASA 5505 VLAN Restriction

Unanswered Question
Mar 29th, 2009

Hi

I have a problem with an ASA 5505 (Base License).

I have 3 VLANs (vlan1, vlan2, vlan3). I restricted the communication between vlan 1 and vlan 3 because of the licence.

    interface Vlan1
     no forward interface vlan 3

The communication to and from vlan2 works from both VLANs, but if I want to initiate a connection from vlan3 into vlan 1 it doesn't work (Access-List is OK).

I get the message that the connection is denied.

Is it possible to initiate a connection from vlan3 to vlan1?

I think the only restriction because of the licence is to initiate a connection from vlan1 into vlan3 and not from vlan3 into vlan1.

Is there something special to do?

Thanks.

Best regards

Michael

mrichter0474 Mon, 03/30/2009 - 04:13

Hi

Sorry, I forgot to post the error message.

I get the following message:

Mar 30 2009 12:15:46: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.43/1028 to 192.168.4.234/80 flags SYN on interface inside2

vikram_anumukonda Mon, 03/30/2009 - 04:46

What are the security levels on the three interfaces? The log message doesn't say much.

"Explanation This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by the security policy that is defined for the specified traffic type"
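
Added example, not part of any post in this thread: a small parser for the %ASA-2-106001 message quoted above that counts denied new-connection attempts (flags exactly SYN) per ingress interface and flow. Only the first sample line comes from the thread; the other log lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the message quoted in the thread:
# %ASA-2-106001: Inbound TCP connection denied from IP/port to IP/port
#                flags <tcp_flags> on interface <name>
MSG_106001 = re.compile(
    r"%ASA-2-106001: Inbound TCP connection denied "
    r"from (?P<src>\d+(?:\.\d+){3})/(?P<sport>\d+) "
    r"to (?P<dst>\d+(?:\.\d+){3})/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifname>\S+)"
)

# Constructed sample: line 1 is from the thread, lines 2-4 are made up.
SAMPLE_LOG = """\
Mar 30 2009 12:15:46: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.43/1028 to 192.168.4.234/80 flags SYN on interface inside2
Mar 30 2009 12:15:49: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.43/1028 to 192.168.4.234/80 flags SYN on interface inside2
Mar 30 2009 12:16:02: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.50/1040 to 192.168.4.234/443 flags SYN ACK on interface inside2
Mar 30 2009 12:16:10: %ASA-5-111008: User 'enable_15' executed the 'show run' command.
"""


def parse_106001(line):
    """Return the fields of a 106001 deny as a dict, or None for other lines."""
    m = MSG_106001.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["flags"] = set(rec["flags"].split())
    # A lone SYN is the first packet of a handshake, i.e. a host trying to
    # open a new connection; other flag sets are replies or stray packets.
    rec["new_connection"] = rec["flags"] == {"SYN"}
    return rec


def summarize(log_text):
    """Count denied new-connection attempts per (interface, src, dst, dport)."""
    denied = Counter()
    for line in log_text.splitlines():
        rec = parse_106001(line)
        if rec and rec["new_connection"]:
            denied[(rec["ifname"], rec["src"], rec["dst"], rec["dport"])] += 1
    return denied


if __name__ == "__main__":
    for (ifname, src, dst, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n} denied SYN(s) on {ifname}: {src} -> {dst}:{dport}")
```

The ingress interface and the source/destination pair in the summary are what need to be compared against the interface security levels and the access list applied to that interface.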

vikram_anumukonda Mon, 03/30/2009 - 07:57

Do you have "same-security-traffic permit inter-interface" configured? If not, configure it and check the connectivity.

kwillacey Wed, 06/24/2009 - 15:21

If the ASA has a site-to-site VPN, will vlan 3 be able to initiate a connection across the VPN?
