ASA 5505 VLAN Restriction

mrichter0474
Level 1

Hi

I have a problem with an ASA 5505 (Base License).

I have 3 VLANs (vlan1, vlan2, vlan3). I restricted the communication between vlan 1 and vlan 3 because of the licence.

interface Vlan1

no forward interface vlan 3

The communication to and from vlan2 works from both VLANs, but if I want to initiate a connection from vlan3 into vlan 1 it doesn't work (Access-List is OK).

I get the message that the connection is denied.

Is it possible to initiate a connection from vlan3 to vlan1?

I think the only restriction because of the licence is to initiate a connection from vlan1 into vlan3 and not from vlan3 into vlan1.

Is there something special to do?

Thanks.

Best regards

Michael

6 Replies

mrichter0474
Level 1

Hi

Sorry, I forgot to post the error message.

I get the following message:

Mar 30 2009 12:15:46: %ASA-2-106001: Inbound TCP connection denied from 10.123.123.43/1028 to 192.168.4.234/80 flags SYN on interface inside2

What are the security levels on the three interfaces? The log message doesn't say much.

"Explanation: This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by the security policy that is defined for the specified traffic type."

Hi

The security levels are:

outside = 0

inside = 100

inside2 = 100

Do you have "same-security-traffic permit inter-interface" configured? If not, configure it and check the connectivity.

Hi

Thanks, that solved my problem.

Best regards

Michael
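
The condition resolved above can be checked against a saved configuration. This is an added example, not part of the thread or any Cisco tooling: it flags interface pairs that share a security level when `same-security-traffic permit inter-interface` is absent. The sample configuration is constructed, and its VLAN-to-name mapping is an assumption; only the interface names and security levels come from the posts.

```python
import re
from itertools import combinations

# Constructed sample config. The names outside/inside/inside2 and their
# security levels match the thread; the VLAN-to-name mapping is assumed.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan3
 nameif inside2
 security-level 100
!
"""

def parse_levels(config):
    """Return {nameif: security-level} for every named interface."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block, forget the previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def blocked_pairs(config):
    """Interface pairs with equal security levels that cannot exchange
    traffic because inter-interface same-security traffic is not enabled."""
    permitted = any(
        line.strip() == "same-security-traffic permit inter-interface"
        for line in config.splitlines()
    )
    if permitted:
        return []
    levels = parse_levels(config)
    return sorted(
        (a, b) for a, b in combinations(sorted(levels), 2)
        if levels[a] == levels[b]
    )
```
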

If the ASA has a site-to-site VPN, will vlan 3 be able to initiate a connection across the VPN?
