Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
5
Replies

how to communication between vlans in asa

lokeshpatidarnmh
Level 1
Level 1

‎09-12-2014 01:40 AM - edited ‎03-11-2019 09:44 PM

Hi Everybody


I am new to ASA, we have ASA 5505 with Security Plus license.  Please see attachment for Configuration. I am trying to do is route from interface (Vlan 1 - 10.0.0.0 inside) to Internal_LAN (vlan 3 -20.0.0.0) and vice versa

From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.

I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface"

I would thankful for any support


thanks!

Labels:
Preview file
5 KB
0 Helpful
5 Replies 5

Saurabh Kishore
Level 1
Level 1

‎09-12-2014 02:51 AM

Use the packet tracer command which will show you, what's stopping them from communicating.

0 Helpful

Walter Astori
Level 1
Level 1
In response to Saurabh Kishore

‎09-12-2014 05:35 AM

Try to execute the below command :

no same-security-traffic permit inter-interface

 

0 Helpful

lokeshpatidarnmh
Level 1
Level 1
In response to Saurabh Kishore

‎09-15-2014 11:48 PM

Hi Saurabh Kishore

Hi walter.astori 

thanks for your idea...

0 Helpful

Marius Gunnerud
VIP
VIP
In response to lokeshpatidarnmh

‎09-16-2014 01:28 AM

The following command is your problem:

nat-control

remove this command...or...create NAT rules for traffic between the inside interface and AP interface.

this command is no longer in use in the newer versions of ASA.  Originally it was placed in the configuration as an extra security measure, but I suppose it was found that it wasn't really needed so it was removed completely as of ASA 8.4.

So just issue the command:

no nat-control

and then test and let us know.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎09-16-2014 01:29 AM

Also do not remove the same-security-traffic permit inter-interface command.  This is needed to allow traffic between interfaces that have the same security level.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card