Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
6
Replies

Subinterfaces configured but hosts are not able to connect

Go to solution
pushpendrayadav
Level 1
Level 1

‎10-01-2010 02:42 AM - edited ‎03-11-2019 11:48 AM

Hi,

I configured 3 LAN interfaces on ASA. 2 interfaces are able to communicate to each other but at 3rd interface I am creating subinterfaces. also I can ping hosts on other VLANs from Cisco 2960. but host-host communication is not getting possible.Please suggest the solution for this

Thanks

Labels:
72869-Cisco Send.txt.zip
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-01-2010 03:17 AM

For communication between interfaces, you would need to configure static NAT to itself statements:

For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

Then "clear xlate" after the above changes.

Same goes for communication to other subinterface.


Hope that helps.

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to pushpendrayadav

‎10-01-2010 12:33 PM

Don't forget you will need statics both ways eg.

vlan 5 = 192.168.5.0/24

vlan 17 = 192.168.6.0/24

static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

Jon

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-01-2010 03:17 AM

For communication between interfaces, you would need to configure static NAT to itself statements:

For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

Then "clear xlate" after the above changes.

Same goes for communication to other subinterface.


Hope that helps.

0 Helpful

Go to solution
pushpendrayadav
Level 1
Level 1
In response to Jennifer Halim

‎10-01-2010 09:27 AM

Hi,

Thanks for the reply, but How I wil make a static NAT with the one which is already created.

for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?

Will it work or is there another way to configure it?

Thanks

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to pushpendrayadav

‎10-01-2010 12:18 PM 

pushpendrayadav wrote:
Hi,
Thanks for the reply, but How I wil make a static NAT with the one which is already created.
for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?
Will it work or is there another way to configure it?
Thanks

It will work fine, you can have multiple static NATs eg.

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (INSIDE-VL5,INSIDE-VL21) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

etc..

Jon

0 Helpful

Go to solution
pushpendrayadav
Level 1
Level 1
In response to Jon Marshall

‎10-01-2010 12:29 PM

Thanks, It worked but still I can not ping to host connected to interface e0/3.1 from the host connected to e 0/1. but vice versa is possible

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to pushpendrayadav

‎10-01-2010 12:33 PM

Don't forget you will need statics both ways eg.

vlan 5 = 192.168.5.0/24

vlan 17 = 192.168.6.0/24

static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

Jon

0 Helpful

Go to solution
pushpendrayadav
Level 1
Level 1
In response to Jon Marshall

‎10-01-2010 12:53 PM

Thanks

It worked for me.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card