
Communication issue between Cisco Nexus 3172TQ VLANs (except default VLAN) and ASA 5510

network_simplex
Level 1

Hello,

With the recent replacement of Cisco Nexus 3172TQ with Cisco 4503, I have faced some issues.

As per our infrastructure, above the Cisco Nexus 3172TQ I have an ASA 5510 as upstream and a Juniper SSG-550M as downstream. All the zones are connected with the Juniper. The ASA is used for DMZ and filtering the Internet.

Before I start, I would like to say that the Cisco Nexus 3172TQ works only in VTP transparent mode, so we have changed all the connected LAN switches to transparent mode with the same VTP domain. The VTP version has been set to 2.

Now, after deploying the Cisco Nexus 3172TQ, configured with normal VLAN and HSRP mode, I found that only the VLAN 1 traffic is passing through the Cisco Nexus 3172TQ and reaching the ASA, but the rest of the VLANs' traffic is not able to reach the ASA. However, the ASA is available from the Cisco Nexus switch console, and other zones are available via the Juniper SSG-550M. Now, for the downstream traffic, all the VLANs are communicating with all the zones which are available through the Juniper SSG-550M.

But the VLANs 101, 102 and so on are not able to access ASA or Internet.

Additionally, from VLANs 101, 102, ... the Juniper is not reachable (ping, telnet, ssh). But the same is available from the Cisco Nexus 3172TQ (funny!!!)

Can anyone help me to understand why the VLAN tag traffic is not able to pass through the ASA when VLAN 1 is able to connect to ASA?

For better understanding, I am attaching the network config.

I have tried to show the established communication path with a green mark and the non-communicating path with a red mark.
