New Member

Configuring Sub interfaces on ASA but Unmanageable Switch Present

Hi All,

I am in something of a dilemma designing my network for inter-VLAN routing. Here is the scenario:

I have 1 ASA-5510, 1 outside interface and 2 inside interfaces. Both inside interfaces were working perfectly for internet. Now we have a requirement to configure those 1 interfaces in such a manner that both inside interfaces can communicate with each other.

Also, we need to define 3 more IP networks for our network.

What I did: I disturbed 1 inside interface and created subinterfaces with static IPs on it. Now I am not able to get internet connectivity if I change the host IP to a specific range.

We don't have a manageable switch.

Please help.

I am looking for 2 things:

1.> Will I be able to get all the subinterfaces communicating with each other, with internet connectivity?

2.> If not, can I create communication between 2 inside interfaces without creating subinterfaces?

5 REPLIES
Super Bronze

Re: Configuring Sub interfaces on ASA but Unmanageable Switch Pr

The answer to both your questions is YES.

Looking at your current configuration, you are missing the following command for connectivity between all the internal networks:

same-security-traffic permit inter-interface

For connectivity to the internet from all the internal networks, you are missing the following commands:

nat (inside-VL15) 1 192.168.15.0 255.255.255.0

nat (inside-VL17) 1 192.168.17.0 255.255.255.0

nat (inside-VL18) 1 192.168.18.0 255.255.255.0

nat (inside-VL19) 1 192.168.19.0 255.255.255.0

Hope that helps.

New Member

Re: Configuring Sub interfaces on ASA but Unmanageable Switch Pr

Hi,

I tried the config but I am not able to get the connection up.

For now we changed the scenario and are using 1 outside interface and 3 inside interfaces.

All these 3 interfaces are communicating with the outside interface.

Please let me know how I should configure these 3 interfaces to communicate with each other.

Re: Configuring Sub interfaces on ASA but Unmanageable Switch Pr

Could you post your current show version?

For the interfaces to communicate with each other, all the interfaces will need the SAME security level, let's say 100, and the command same-security-traffic permit inter-interface.

New Member

Re: Configuring Sub interfaces on ASA but Unmanageable Switch Pr

Hi,

Attaching the Show Version

Cisco Employee

Re: Configuring Sub interfaces on ASA but Unmanageable Switch Pr

Apart from the same-security commands, you need to do U-turning on the router.

Firstly, I assume your requirement is such that you do not want to NAT the hosts when they need to talk internally.


So we need to exempt NAT for the traffic between one side interface and the other, so just add these networks to the NAT exemption access-list you already have.

You can add this traffic to this ACL: access-list inside_nat0_outbound

for example for between vl17 to vl

access-list inside_nat0_outbound extended permit ip 192.168.17.0 255.255.255.0 192.168.15.0 255.255.255.0

Do the same for the rest of the traffic.

Once you do that you will be able to ping and pass UDP traffic, but you might have problems with TCP; if so, then do TCP state bypass by following the link below:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml
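
Added example, not part of any reply in the thread and not Cisco's code: a small Python check that reads ASA configuration text and lists which NAT exemption entries are still missing between the four internal networks, for the "do the same for the rest of the traffic" step. The networks come from the nat commands above and the ACL name from the last reply; the sample configuration is constructed, and the script assumes each direction of a pair needs its own entry.

```python
import ipaddress
import itertools
import re

# Networks from the nat commands in the thread; ACL name from the last reply.
INTERNAL = ["192.168.15.0/24", "192.168.17.0/24",
            "192.168.18.0/24", "192.168.19.0/24"]
ACL_NAME = "inside_nat0_outbound"

# Constructed sample: only the VL17 <-> VL15 pair has been exempted so far.
SAMPLE_CONFIG = """\
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip 192.168.17.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.17.0 255.255.255.0
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
# Only the "network mask network mask" form is parsed (no any/host/object-group).
ACE_RE = re.compile(rf"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
                    rf"{QUAD}\s+{QUAD}\s+{QUAD}\s+{QUAD}\s*$")

def exempt_pairs(config, acl=ACL_NAME):
    """Return the (source, destination) networks the exemption ACL permits."""
    pairs = set()
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == acl:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}", strict=False)
            pairs.add((src, dst))
    return pairs

def missing_exemptions(config, networks=INTERNAL, acl=ACL_NAME):
    """List directed internal pairs not covered by any entry in the ACL."""
    nets = [ipaddress.ip_network(n) for n in networks]
    have = exempt_pairs(config, acl)
    return [(s, d) for s, d in itertools.permutations(nets, 2)
            if not any(s.subnet_of(hs) and d.subnet_of(hd) for hs, hd in have)]

def ace_line(src, dst, acl=ACL_NAME):
    """Format one entry in the same syntax as the example in the thread."""
    return (f"access-list {acl} extended permit ip {src.network_address} "
            f"{src.netmask} {dst.network_address} {dst.netmask}")

def inter_interface_permitted(config):
    """True if the same-security inter-interface command is present."""
    return any(l.strip() == "same-security-traffic permit inter-interface"
               for l in config.splitlines())

if __name__ == "__main__":
    if not inter_interface_permitted(SAMPLE_CONFIG):
        print("missing: same-security-traffic permit inter-interface")
    for s, d in missing_exemptions(SAMPLE_CONFIG):
        print(ace_line(s, d))
```

With same-security-traffic permit inter-interface enabled, interfaces at the same security level pass traffic to each other without needing an access list, so apply interface ACLs if the internal networks should not have full reach to one another.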
