ASA multiple connections (VLANS) to the same Ethernet

ph0enix · ‎08-05-2009

Hi,

I have an ASA 5505 (SEC Plus) and I'm trying to configure it so it can be accessed from two subnets running in the same switch. Let's call the subnets:

192.168.1.0/24 and 192.168.2.0/24

I configured a VLAN for 192.168.1.0/24 on one ethernet port and another VLAN for 192.168.2.0/24 on another port. Let's assume that the two VLAN interfaces are configured with the following addresses 192.168.1.1 and 192.168.2.1. Both ASA ports are plugged into the same switch using different ports so that hosts from each respective subnet can get to the ASA. When I login to the ASA, I can ping hosts on both subnets via the respective interfaces but when I try to ping 192.168.2.1 from the hosts in that subnet, I get a single reply and the rest of the pings time out:

Pinging 192.168.2.1 with 32 bytes of data:

Reply from 192.168.2.1: bytes=32 time=1ms TTL=255

Request timed out.

Ping statistics for 192.168.2.1:

Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

What am I doing wrong?

Thank you!

J.

guibarati · ‎08-07-2009

you are connecting the two ports on the same switch with no Vlan on the swith?

If so that is the problem, you are connecting ASA's interface 1 and ASA's interface 2 to eachother over layer2

They may be sharing the same MAC also.

You need either connect them to different switches or to different VLANS on the same switch.