I am running into a problem but I don't know if this is a limitation of my device or a configuration problem. I appreciate any help or advice from any of you. Here's my scenario:
I have an ASA 5505; only 3 VLANs are allowed because of the license, apparently,
so VLAN 1 (inside), VLAN 2 (outside) and VLAN 3 (DMZ, but in my case I call it TEST).
I set VLAN 3 with security level 100, as I am using it for an internal network connection. I don't have a router and was in need of two networks: network 1 for inside, 10.10.10.X, and network 2 running on VLAN 3 (TEST), 20.20.20.X.
What I want to do is be able to communicate between VLAN 3 and VLAN 2 and vice versa. Since they are both internal LANs, I added an ACL to allow all IP traffic coming from one interface to the other.
Someone mentioned that this is not possible because of the type of appliance I have, and that the license was restricting me from passing traffic between both interfaces. I don't know if this is right or wrong; that is why I am requesting your help, guys.
So it seems you have a Base License ASA 5505 with a 3 VLAN limitation (2 normal, 1 restricted).
This essentially means that your 2 VLANs will NOT be restricted with regard to where they can form connections. But the third VLAN will have to be restricted towards either of the 2 other VLANs, or the interface cannot be enabled.
Typically this setup is done so that the 3rd VLAN is used as a DMZ, therefore making it logical to limit connectivity towards the LAN, as that is basically how DMZs should behave.
You can naturally approach the situation a bit differently. You could configure this restriction from your "outside" to your "dmz", since this is probably not used to host any services to the public network? Or at least that's what I understood? This would essentially configure the limitation from "outside" to "dmz" but would leave your "dmz" and "inside" without any restrictions in communication.
You might initially have this configuration (VLAN 2 as outside and VLAN 1 as inside, as in your question):
interface Vlan2
 nameif outside
 ip address x.x.x.x y.y.y.y
!
interface Vlan1
 nameif inside
 ip address 10.10.10.1 255.255.255.0
Now, if you were to add the third VLAN, you could try doing this (provided you don't have to have any access from "outside" to "dmz"):
ASA(config)# interface Vlan 3
ASA(config)# interface Vlan 2
ASA(config-if)# no forward interface vlan 3
ASA(config)# interface Vlan 3
ASA(config-if)# nameif test
ASA(config-if)# security-level 100
ASA(config-if)# ip address x.x.x.x y.y.y.y
The reason for the above order is the fact that you cannot enable a third interface with the "nameif" command until you have a restriction in place. So you first create the new VLAN interface (without other configuration) and then move to the interface from which you want the restriction and apply it there. Then you are free to configure the third interface as you see fit.
If you decide to use the same "security-level" on the interfaces, then you will naturally need the enable command that Peter above provided.
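As an added worked example (not part of the original answer or the asker's configuration), here is the form Cisco's ASA 5505 documentation uses for the Base License third VLAN: the `no forward interface vlan` restriction is entered on the third VLAN interface itself, names the VLAN that interface may not initiate connections to, and must be entered before that interface's `nameif`. It also shows the `same-security-traffic permit inter-interface` command that two level-100 interfaces need, and the checks to run afterwards. The VLAN numbers and the 10.10.10.0/24 network come from the question; the test address 20.20.20.1/24, the switch port Ethernet0/2 and the ACL name `test_in` are assumptions made for this example.

```cisco
! Added example, not from the original post. Assumes VLAN 1 = inside (10.10.10.0/24),
! VLAN 2 = outside, VLAN 3 = test (20.20.20.0/24, gateway 20.20.20.1 assumed).
! The restriction is placed on the third VLAN and names the VLAN it may NOT
! initiate connections to. Naming VLAN 2 leaves inside <-> test unrestricted.
interface Vlan3
 no forward interface vlan 2
 nameif test
 security-level 100
 ip address 20.20.20.1 255.255.255.0
 no shutdown
!
! Put a physical switch port into the new VLAN (port number assumed).
interface Ethernet0/2
 switchport access vlan 3
!
! Two interfaces at the same security level do not pass traffic between each
! other until same-security inter-interface traffic is permitted.
same-security-traffic permit inter-interface
!
! Optional explicit policy. Remember that an inbound ACL implicitly denies
! everything it does not list, so add every flow the interface needs.
access-list test_in extended permit ip 20.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-group test_in in interface test
!
! Checks: confirm the license VLAN limit, then trace a flow in each direction.
show version | include VLAN
packet-tracer input test tcp 20.20.20.10 40000 10.10.10.10 80
packet-tracer input inside tcp 10.10.10.10 40000 20.20.20.10 22
```

Which VLAN you name in `no forward interface vlan` is the trade-off: naming VLAN 2 keeps inside and test fully open but means hosts on test cannot initiate connections out through outside; naming VLAN 1 instead gives the classic DMZ behaviour the answer above describes. `packet-tracer` reports the phase at which a flow is dropped (ACL, NAT, or the inter-interface check), which is the quickest way to tell a license restriction from a policy mistake.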