Inter-VLAN routing with an ASA5500 as the default gateway

Jul 7th, 2009

Hello Everyone,

I am getting conflicting information and thought I would turn to you all. On a network with 10 VLANs and an ASA510 V. 8.1 being used for inter-VLAN routing, this is what it seems I need to do.

1) Create 10 subinterfaces on the inside interface

2) Use the subinterfaces as the default gateway for each VLAN

3) Allow 802.1q trunking on the inside interface.

4) Create static routes on the ASA from each VLAN to the other so that there are a total of 100 static routes.

Should inter-lan routing be working at this point?

Thanks in advance! All replies rated.

Collin Clark Tue, 07/07/2009 - 10:50

Step 4 is not needed. You will also need to permit traffic between each interface. There are a number of ways to do that depending on your security policy.

srue Tue, 07/07/2009 - 11:01

Like Collin said, step 4 is not needed.

Is nat-control enabled? What is the security level of each interface? Are there any NAT rules in place?

Have you allowed inter-interface communication as previously suggested?

same-security-traffic permit inter-interface

Are there any ACLs on any inside interfaces?

We really need to see your config to see what the problems might be.
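The setup discussed in the replies above, sketched as an ASA 8.x configuration fragment. This is an added example, not a config posted by anyone in the thread; the physical interface, VLAN IDs, interface names, addresses and ACL name are all constructed for illustration, and only two of the ten VLANs are shown.

```cisco
! Constructed example: Ethernet0/1 is assumed to be the trunk to the switch.
! The physical interface carries no nameif, so untagged frames are not passed.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN; its address is that VLAN's default gateway.
interface Ethernet0/1.10
 vlan 10
 nameif vlan10
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/1.20
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! Both subnets are directly connected, so no static routes between them
! are needed (step 4 of the question).
!
! Option A (broad): interfaces at the same security level may talk to each
! other. With no ACL applied, this opens all traffic between those VLANs.
same-security-traffic permit inter-interface
!
! Option B (restricted): apply an inbound ACL so only the required flows
! cross VLANs. Here vlan10 hosts may reach one HTTPS server in vlan20.
access-list VLAN10_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq https
access-group VLAN10_IN in interface vlan10
! Once an ACL is applied to an interface, its implicit deny at the end drops
! every other flow entering that interface, including traffic bound for
! other interfaces, so add permits for anything else vlan10 still needs.
```

After applying, `show interface ip brief`, `show route` and `packet-tracer` on the ASA confirm that the subinterfaces are up, the VLAN subnets appear as connected routes, and a given flow is permitted or dropped by the expected rule.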

Collin Clark Tue, 07/07/2009 - 13:19