03-29-2009 11:06 PM - edited 03-11-2019 08:11 AM
Hi
I have a problem with an ASA 5505 (Base License).
I have 3 VLANs (vlan1, vlan2, vlan3). I restricted the communication between vlan 1 and vlan 3 because of the licence.
interface Vlan1
no forward interface vlan 3
The communication to and from vlan2 works from both VLANs, but if I want to initiate a connection from vlan3 into vlan 1 it doesn't work (Access-List is OK).
I get the message that the connection is denied.
Is it possible to initiate a connection from vlan3 to vlan1?
I think the only restriction because of the licence is to initiate a connection from vlan1 into vlan3 and not from vlan3 into vlan1.
Is there something special to do?
Thanks.
Best regards
Michael
03-30-2009 04:13 AM
Hi
Sorry, I forgot to post the error message.
I get the following message:
Mar 30 2009 12:15:46: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.43/1028 to 192.168.4.234/80 flags SYN on interface inside2
03-30-2009 04:46 AM
What are the security levels on the three interfaces? The log message doesn't say much.
"Explanation This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by the security policy that is defined for the specified traffic type"
03-30-2009 07:54 AM
Hi
The security levels are:
outside = 0
inside = 100
inside2 = 100
03-30-2009 07:57 AM
Do you have "same-security-traffic permit inter-interface" configured? If not, configure it and check the connectivity.
03-31-2009 03:42 AM
Hi
Thanks, that solved my problem.
Best regards
Michael
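The check behind the fix in this thread, as an added example that is not part of any post above: a small Python audit that reads an ASA configuration and lists the connection directions that are blocked regardless of access lists, either because two interfaces share a security level without `same-security-traffic permit inter-interface` or because of `no forward interface`. The config excerpt is constructed, and the VLAN-to-nameif mapping and function names are assumptions.

```python
import re
from itertools import combinations

# Constructed excerpt: security levels are the ones posted in the thread;
# the VLAN-to-nameif mapping is an assumption.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 no forward interface Vlan3
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif inside2
 security-level 100
"""

def parse_interfaces(config):
    """Map VLAN number -> nameif, security level and 'no forward' targets."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+vlan\s*(\d+)", line, re.I):
            current = interfaces.setdefault(
                int(m.group(1)), {"nameif": None, "level": None, "no_forward": set()})
        elif not raw[:1].isspace():
            current = None  # a top-level command ends the interface block
        elif current is not None:
            if m := re.fullmatch(r"nameif\s+(\S+)", line):
                current["nameif"] = m.group(1)
            elif m := re.fullmatch(r"security-level\s+(\d+)", line):
                current["level"] = int(m.group(1))
            elif m := re.fullmatch(r"no forward interface\s+vlan\s*(\d+)", line, re.I):
                current["no_forward"].add(int(m.group(1)))
    return interfaces

def blocked_paths(config):
    """Return (initiator, target, reason) tuples blocked regardless of access lists."""
    ifs = parse_interfaces(config)
    inter_ok = re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M)
    findings = []
    for (_, a), (_, b) in combinations(sorted(ifs.items()), 2):
        if not inter_ok and a["level"] is not None and a["level"] == b["level"]:
            findings += [(a["nameif"], b["nameif"], "same security level"),
                         (b["nameif"], a["nameif"], "same security level")]
    for _, intf in sorted(ifs.items()):
        findings += [(intf["nameif"], ifs[t]["nameif"], "no forward interface")
                     for t in sorted(intf["no_forward"]) if t in ifs]
    return findings
```

With `same-security-traffic permit inter-interface` appended to the sample, only the `no forward interface` entry remains in the result.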
06-24-2009 03:21 PM
If the ASA has a site-to-site VPN, will vlan 3 be able to initiate a connection across the VPN?