Cisco Support Community

ASA 5505 help

Hi guys.

I would like to know how to provide access from all my VLANs that reside on my ASA 5505 to certain network resources, such as mail server, file server, network printers...

my network layout is as follows:

2811=>ASA5505=>CATALYST Express 500

The 2811 only connects to the internet and, with static NAT, gives everything that comes to my public IP to its inside fa0/0. The ASA then does everything else. All the VLANs reside on the ASA 5505, and all the routing and NATting happens on the ASA 5505.

I have enabled the inter- and intra-VLAN routing, but no success.


I want a client that resides on vlan2 with an IP of and default gateway (asa5505) to be able to access a printer on and a client on to be able to access the mail server on

Please Help?!?!?!


Re: ASA 5505 help

How many VLANs do you have? Do you want everything to communicate between the VLANs or just some things like printing?

Re: ASA 5505 help

I have 3 VLANs.

I don't want everything to communicate amongst each other in the VLANs.

I want all users from all VLANs to be able to have access to my mail server, to network printers, and a network storage.

Re: ASA 5505 help

You'll need to look at doing same security interfaces or NAT, along with ACLs. You need to document IPs, ports, and protocols for communications between systems. Once that is done you can start to make configuration changes.

Re: ASA 5505 help

I already have all of this documented.

What type of config changes do I need to make?

When you say protocols, you mean SMTP, HTTP, DNS, etc.?

My server resides at

My network printer is

I need users from all VLANs to be able to access the above-mentioned network resources.

I am posting my ASA 5505 config so you can better understand, so you could perhaps help me better! Thank you!!

Re: ASA 5505 help

Here is what I would do. I would permit same-security interface.

By default, interfaces on the same security level cannot communicate with each other. Allowing communication between same security interfaces lets traffic flow freely between all same security interfaces without access lists.

If you enable same security interface communication, you can still configure interfaces at different security levels as usual.

To enable interfaces on the same security level so that they can communicate with each other, enter the following command:

hostname(config)# same-security-traffic permit inter-interface

To disable this setting, use the no form of this command.

Then create an ACL to allow traffic from your host on one network to the printer, storage, etc on the other.


access-list inside1_to_inside2 extended permit tcp host eq 9100

Don't forget to apply the ACL to the interface and in the right direction.

access-group inside1_to_inside2 in interface inside1
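
Added example, not part of the thread or any poster's configuration: a restrictive form of the approach in the reply above, for the stated goal of reaching only the mail server, printer and storage. The subnets, host addresses and the storage port (SMB, TCP 445) are constructed assumptions; the interface and ACL names follow the reply.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   inside1 = 192.168.2.0/24  client VLAN
!   inside2 = 192.168.3.0/24  VLAN holding the shared resources
!   mail server 192.168.3.10, printer 192.168.3.20, storage 192.168.3.30
!
! Allow interfaces with equal security levels to pass traffic to each other.
! Without an interface ACL this permits everything between them.
same-security-traffic permit inter-interface
!
! Entries are evaluated top-down, first match wins.
! 1. Permit only the documented services on the shared hosts.
access-list inside1_to_inside2 extended permit tcp 192.168.2.0 255.255.255.0 host 192.168.3.10 eq smtp
access-list inside1_to_inside2 extended permit tcp 192.168.2.0 255.255.255.0 host 192.168.3.20 eq 9100
access-list inside1_to_inside2 extended permit tcp 192.168.2.0 255.255.255.0 host 192.168.3.30 eq 445
!
! 2. Deny everything else from the client VLAN to any internal VLAN
!    (192.168.0.0/16 covers all constructed internal subnets here).
access-list inside1_to_inside2 extended deny ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.0.0
!
! 3. An ACL bound inbound ends in an implicit deny, which replaces the
!    default "higher to lower security level is allowed" behaviour.
!    Permit the remaining (non-internal) destinations explicitly so that
!    internet access from this VLAN keeps working.
access-list inside1_to_inside2 extended permit ip 192.168.2.0 255.255.255.0 any
!
! Bind the ACL inbound on the client-facing interface.
access-group inside1_to_inside2 in interface inside1
!
! Repeat with a separate ACL for each additional client VLAN interface.
```

After applying, `show access-list inside1_to_inside2` displays per-entry hit counts, which confirms which rule a test connection matched.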
