Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Allowing Traffick Between vlans on ASA5505

I have a Cisco ASA5505 configured with 3 vlans outside = x.x.x.x \24, inside = 10.217.46.1 \ 27, and wifi = 10.217.46.33 \ 27. I have security plus liscense but i cant access anything in the inside if im on wifi or i cant access anything from wifi if im on inside cant even ping between vlans but access to the internet is working just fine on both sides any ideas.

4 REPLIES
New Member

Allowing Traffick Between vlans on ASA5505

Hello Robert,

What is the security level between interfaces? Would you mind sharing your configuration?

-Eddy Duran

New Member

Allowing Traffick Between vlans on ASA5505

they are both at 100

Super Bronze

Allowing Traffick Between vlans on ASA5505

Hi,

The easiest way to solve this would naturally to see the configuration.

The main things that might affect on the firewall side are

  • Missing interface ACL
  • Missing some NAT configuration (depending on software level of the ASA)
  • The interface "security-level" are set to identical which would block traffic between these interfaces if you DONT have "same-security-traffic permit inter-interface"

You can also take the "packet-tracer" output if you want to test the firewall configurations/rules

packet-tracer input inside tcp

packet-tracer input wifi tcp

One common problen with ICMP through the firewall is missing ICMP Inspection

It can be added with

fixup protocol imcp

fixup protocol icmp error

Or alternatively by entering

policy-map global_policy

class inspection_default

  inspect icmp error

  inspect icmp

- Jouni

Super Bronze

Allowing Traffick Between vlans on ASA5505

Hi,

You need to add "same-security-traffic permit inter-interface" atleast

- Jouni

152
Views
0
Helpful
4
Replies