Hi There,
I have the following interfaces and routes.

interface GigabitEthernet0/0.127
 vlan 127
 nameif Vlan127
 security-level 50
 ip address 192.168.127.1 255.255.255.0
!
interface GigabitEthernet0/0.128
 vlan 128
 nameif Vlan128
 security-level 50
 ip address 192.168.128.1 255.255.255.0
!
interface GigabitEthernet0/0.129
 vlan 129
 nameif Vlan129
 security-level 50
 ip address 192.168.129.1 255.255.255.0
!
interface GigabitEthernet0/0.250
 description Vid_Conf
 vlan 250
 nameif vlan250
 security-level 100
 ip address 10.44.250.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.27.100.160 255.255.252.0

route outside 0.0.0.0 0.0.0.0 217.x.x.x
route inside 10.0.0.0 255.0.0.0 172.27.100.10 1
route inside 172.16.0.0 255.240.0.0 172.27.100.10 1

I'm running a packet tracer to see if I can ping one of my inside networks using the vlan interface IP as the source.

packet-tracer input vlan250 icmp 10.44.250.1 8 0 172.27.4.1
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.240.0.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: vlan250
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Should I be able to use the VLAN250 interface IP as the source?
If I use another address within that network, the packet tracer allows ICMP. See below:

# packet-tracer input vlan250 icmp 10.44.250.10 8 0 172.27.4.1
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.240.0.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
and so forth...
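
Added example, not part of the original post: a small Python parser for the packet-tracer output format shown above that splits a trace into phases and reports the first phase where two traces disagree. The helper names `parse_trace` and `first_divergence` are hypothetical, and the sample text is constructed from the first two phases of the two traces in the post.

```python
PHASE_KEYS = ("Type", "Subtype", "Result", "Config", "Additional Information")
# Constructed sample: the first two phases of the traces in the post.
_HEAD = """Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.240.0.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: {acl}
Config:
Implicit Rule
Additional Information:
"""
_TAIL = """Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
TRACE_IFACE_SRC = _HEAD.format(acl="DROP") + _TAIL  # source 10.44.250.1
TRACE_HOST_SRC = _HEAD.format(acl="ALLOW")          # source 10.44.250.10, truncated

def parse_trace(text):
    """Split packet-tracer output into per-phase dicts and the final summary."""
    phases, summary, cur, last = [], {}, None, None
    for line in map(str.strip, text.splitlines()):
        key, sep, val = line.partition(":")
        val = val.strip()
        if sep and key == "Phase":
            cur, last = {"Phase": int(val)}, None
            phases.append(cur)
        elif sep and key == "Result" and not val:
            cur = None  # a bare "Result:" line opens the summary block
        elif sep and cur is None:
            summary[key] = val
        elif sep and key in PHASE_KEYS:
            cur[key], last = val, key
        elif cur is not None and last and line:
            cur[last] = (cur[last] + "\n" + line).strip()  # continuation line
    return phases, summary

def first_divergence(a, b):
    """First phase where two traces disagree: (number, type, result_a, result_b)."""
    for pa, pb in zip(parse_trace(a)[0], parse_trace(b)[0]):
        if (pa["Type"], pa["Result"]) != (pb["Type"], pb["Result"]):
            return pa["Phase"], pa["Type"], pa["Result"], pb["Result"]
    return None
```

Calling `first_divergence(TRACE_IFACE_SRC, TRACE_HOST_SRC)` points at the ACCESS-LIST phase, and `parse_trace(TRACE_IFACE_SRC)[1]` holds the drop reason from the summary block.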