ASA 5510 to route Vlans

Unanswered Question
Aug 26th, 2009

Hi,

I have a Cisco ASA 5510 and need to use it to route between VLANs as I don't have a router for the time being. I have been reading online and it is possible as it is a layer 3 device, although I can't seem to get it working.

I have an inside, outside and a DMZ. The DMZ is in the IP range 172.99.0.0/24 and in vlan 80 and the inside is in the IP range 10.192.3.0/24 and in vlan 10. These are the 2 vlan/ip ranges I need to communicate.

On the switch I am using the config commands:

Interface 0/48
 switchport trunk allowed vlan all
 switchport mode trunk

Then ports 1 to 36 are placed on vlan 10 and ports 37 to 47 are on vlan 80; all set for access mode.

On the ASA I am using the config:

Interface Ethernet 0/3
 No ip address
 No shutdown
 Nameif VLAN_Routing
 Security-level 100

Interface Ethernet 0/3.1
 Ip address 172.99.0.1 255.255.255.0
 Nameif DMZ_VLAN
 Security-level 100
 Vlan 80
 no shutdown

Interface Ethernet 0/3.2
 Ip address 10.192.3.2 255.255.255.0
 Nameif Inside_VLAN
 Security-level 100
 Vlan 1
 no shutdown

####

I thought the problem may be because I don't have any encapsulation on the trunking ports. The ASA command "vlan 10" apparently encapsulates in dot1q automatically, but I can't seem to find where to do this on the switch: the switch is a Catalyst 2960.

Hopefully someone can help me get these 2 lans communicating.

Collin Clark Mon, 08/31/2009 - 08:45

On the 2960 I'm pretty sure that only dot1q is supported. On the switch you can verify if the trunk is working with show interface trunk and it should show fa0/48 as a trunk. I do see an error on the ASA config. The main interface cannot have a nameif.

interface Eth0/3
 no nameif

You will also need same-security-traffic permit inter-interface

Hope that helps.

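The two points the reply raises, plus a comparison of each subinterface's VLAN ID against the VLAN numbers stated in the question, written as a small offline config check. This is an added example, not part of the original thread and not Cisco tooling; `parse`, `lint`, `vlan_plan` and the sample text are assumptions made for illustration, and the parser expects interface sub-commands to be indented as in a running-config.

```python
# Constructed sample: the question's ASA config retyped in running-config
# layout (the "no ip address" / "no shutdown" lines are omitted).
POSTED = """\
interface Ethernet0/3
 nameif VLAN_Routing
 security-level 100
interface Ethernet0/3.1
 vlan 80
 nameif DMZ_VLAN
 security-level 100
 ip address 172.99.0.1 255.255.255.0
interface Ethernet0/3.2
 vlan 1
 nameif Inside_VLAN
 security-level 100
 ip address 10.192.3.2 255.255.255.0
"""
PERMIT = "same-security-traffic permit inter-interface"

def parse(config):
    """Split config into {interface: {keyword: value}} and a set of global lines."""
    ifaces, global_lines, cur = {}, set(), None
    for raw in config.splitlines():
        words = raw.split()
        if words and words[0].lower() == "interface":
            # "Ethernet0/3.1" and "Ethernet 0/3.1" name the same interface
            cur = ifaces.setdefault("".join(words[1:]).lower(), {})
        elif words and raw[0].isspace() and cur is not None:  # interface scope
            cur[words[0].lower()] = " ".join(words[1:])
        elif words:  # unindented line: global scope
            cur = None
            global_lines.add(" ".join(words).lower())
    return ifaces, global_lines

def lint(config, vlan_plan):
    """vlan_plan (hypothetical input) maps nameif -> VLAN ID the design calls for."""
    (ifaces, global_lines), findings = parse(config), []
    named = {n: i for n, i in ifaces.items() if "nameif" in i}
    for name, i in named.items():
        if any(s.startswith(name + ".") for s in ifaces):
            findings.append(f"{name}: nameif on parent of subinterfaces")
        want = vlan_plan.get(i["nameif"])
        if want is not None and i.get("vlan") != str(want):
            findings.append(f"{name}: vlan {i.get('vlan')}, plan says {want}")
    levels = [i["security-level"] for i in named.values() if "security-level" in i]
    if len(levels) != len(set(levels)) and PERMIT not in global_lines:
        findings.append(f"equal security levels without '{PERMIT}'")
    return findings
```

Calling `lint(POSTED, {"DMZ_VLAN": 80, "Inside_VLAN": 10})` returns three findings. With both interfaces at security-level 100 and `same-security-traffic permit inter-interface` enabled, the ASA passes traffic between the DMZ and inside without requiring an access list, so any filtering between the two has to be configured explicitly.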