Transparent multiple context... where is the problem...


Hello,

I am trying to configure an ASA appliance in transparent multiple context mode. My topology is like this:

    Router (Gi0/0.101 10.10.10.1)
      \--- (Eth0/0.101) ASA (Eth0/1.1)
             \--- (Fa0/1 Trunk) Switch (Fa0/2 VLAN 1)
                    \--- Host (10.10.10.100)

Some information:

     - Subinterfaces and VLANs correspond (e.g. Eth0/0.101 = VLAN 101, Eth0/1.1 = VLAN 1)
     - Eth0/0.101 and Eth0/1.1 are the VLANs allocated to my admin context
     - The admin context uses 10.10.10.2 as its IP address
     - All interfaces are up!

I can ping 10.10.10.2 from 10.10.10.1 but I can't ping 10.10.10.100 from 10.10.10.2 or 10.10.10.1.

Do you see a problem in my topology?

Jerome

wromsait Wed, 09/29/2010 - 18:15

Hello Jerome,

I suspect the issue is between the ASA Eth0/1.1 and your switch Fa0/1 trunk. On the switch, VLAN 1 is usually the native VLAN by default, and this VLAN is not tagged on the switch side. However, your traffic on the ASA side will be tagged with the dot1q header. Can you try configuring the IP on the main interface of the ASA, Eth0/1, instead of Eth0/1.1 and see if this makes a difference? Or use a VLAN other than 1 between Eth0/1.1 and Fa0/1 on the trunk.

Hope this helps.

Nagaraja Thanthry Wed, 09/29/2010 - 18:58

Hello,

An easier alternative is to change the native VLAN on the switch. Since the ASA does not understand the native VLAN concept anyway, it should not matter.

Regards,

NT
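
Added example, not part of the original thread: a simplified Python model of the tagging mismatch the two replies above describe, showing where the host's VLAN 1 reply lands on the ASA before and after the native VLAN is changed. The interface names and VLAN 1 come from the thread; the MAC addresses, payload and native VLAN 999 are constructed, and the model assumes the ASA hands untagged frames to the physical interface and tagged frames to the subinterface with the matching VLAN ID.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def switch_trunk_egress(dst, src, ethertype, payload, vlan, native_vlan):
    """Bytes a dot1q trunk port sends for `vlan`; the native VLAN leaves untagged."""
    header = dst + src
    if vlan != native_vlan:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def frame_vlan(frame):
    """Return the 802.1Q VLAN ID carried by the frame, or None if it is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def asa_ingress_interface(frame, physical, subinterfaces):
    """Assumed ASA behaviour: untagged -> physical interface, tagged -> matching subinterface."""
    vid = frame_vlan(frame)
    if vid is None:
        return physical
    return subinterfaces.get(vid)  # None means no subinterface carries this tag

# Constructed sample values (locally administered MACs, dummy payload).
HOST_MAC = bytes.fromhex("020000000100")
ASA_MAC = bytes.fromhex("020000000002")
ASA_SUBIFS = {1: "Eth0/1.1"}  # from the thread: Eth0/1.1 = VLAN 1

def reply_lands_on(native_vlan):
    """Where a host reply in VLAN 1 arrives on the ASA for a given trunk native VLAN."""
    frame = switch_trunk_egress(ASA_MAC, HOST_MAC, 0x0800,
                                b"constructed-payload", 1, native_vlan)
    return asa_ingress_interface(frame, "Eth0/1", ASA_SUBIFS)

if __name__ == "__main__":
    for native in (1, 999):  # 999 is a constructed, otherwise unused VLAN
        print(f"native VLAN {native}: reply arrives on {reply_lands_on(native)}")
```

With native VLAN 1 the reply arrives on Eth0/1, which is why moving the configuration to the main interface or changing the native VLAN both line the two sides up.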
