OK here is my situation...
I have two VLANs that are on my ASA. However, one VLAN is a tenant of ours, and the other is mine.
I want my tenant to be able to access my network, but ONLY from a webvpn connection. However, here is the catch: it uses the same interface as I do. (I just made subinterfaces for both of us.)
I have their traffic pointing to the ISP, with the ISP DNS as well. (Basically they can get to the Internet and that's it!)
When I try to get to our secure site from their VLAN, it will not hit the site.
What can I do? HELP!!!!!!
I want information on interface GigabitEthernet0/1.54 to be able to talk to interface GigabitEthernet0/1.17.
I know they are on different subnet masks, but I want to be able to leave the .54 subinterface and come back in on the .17 interface (through webvpn). It will not hit the site 188.8.131.52 (which is the same interface it left to go to the outside world).
But I want to be able to do it leaving on the 184.108.40.206 and coming back in on the 220.127.116.11 (same interface) (basically going out to the internet and coming back in). Here is my config...
Sorry, that is confusing. Just so I am clear: you want traffic from "inside_vlan54" to be able to go to "inside_vlan17" but look like it came from the "outside" interface?
Yes!... However, it will have to go out to the internet, then come back in.
But it is on the same IP address. Make sense?
Thank you. :)
Since they are using the same interface and same IP, I didn't think so.
NOTE TO SELF:
Subinterfaces that share the same IP address will not communicate with each other if they go out to the Internet Cloud!!!!!
I was trying to avoid using our remaining OUTSIDE IP addresses that our ISP gave us, and I didn't want to use the last interface on the ASA.
There are two options to beat this:
1. Buy a PIX firewall so you would have a separate interface.
2. Use another outside IP address, different from the one you're on; that way you're leaving an interface and coming back in on a separate interface.