Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
0
Helpful
3
Replies

ASA 5510 8.3 Inter-Vlan routing with NAT

Go to solution
philcisco2
Level 1
Level 1

‎07-10-2012 09:11 AM - edited ‎03-11-2019 04:29 PM

Hello,

I have found multiple solutions to this question for < 8.2 but no solutions for the new way the ASA does nat statments

Basically i have multiple VLAN's and i need 2 of them to communicate

inside - 192.168.1.0/24 ( security-level 100 )

voice - 192.168.100.0/24 ( security-level 100 )

Error i am getting is:

192.168.1.100                    192.168.100.100                    Deny inbound icmp src inside:192.168.1.100 dst Voice:192.168.100.100 (type 8, code 0)

When trying to ping from 192.168.1.100 to 192.168.100.100

I know what has to happen is i need 2 static nat statements to route the information from one subnet to the other. problem is i can't seam to generate the right statments.

I have come up with:

object network obj_nat_voice_to_inside

subnet 192.168.1.0 255.255.255.0

nat (inside,Voice) static interface

object network obj_nat_inside_to_voice

subnet 192.168.100.0 255.255.255.0

nat (Voice,inside) static interface

They are not working i know there is something wrong just can't figure it out

I have found multiple examples for the old style nat statments to resolve this issue but none on the new style.

can someone give me a hand with this?

Thanks in advnace!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
alejands
Level 1
Level 1

‎07-10-2012 09:28 AM

Hello,

Have you enable the command:

same-security-traffic permit inter-interface

also can you try with this NATs:

nat (inside,Voice) source static obj_nat_inside_to_voice obj_nat_inside_to_voice

nat (Voice,inside) source static obj_nat_voice_to_inside obj_nat_voice_to_inside

Let me know how this works for you

View solution in original post

0 Helpful
3 Replies 3

Go to solution
alejands
Level 1
Level 1

‎07-10-2012 09:28 AM

Hello,

Have you enable the command:

same-security-traffic permit inter-interface

also can you try with this NATs:

nat (inside,Voice) source static obj_nat_inside_to_voice obj_nat_inside_to_voice

nat (Voice,inside) source static obj_nat_voice_to_inside obj_nat_voice_to_inside

Let me know how this works for you

0 Helpful

Go to solution
philcisco2
Level 1
Level 1

‎07-10-2012 10:13 AM

same-security-traffic permit inter-interface

did the trick

Thank you so much!

0 Helpful

Go to solution
alejands
Level 1
Level 1
In response to philcisco2

‎07-10-2012 10:46 AM

You are very welcome

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card