Cisco Support Community
New Member

Question on a 3rd Vlan on ASA 5505 and outside traffic

Hello - I have a Cisco ASA 5505 with the Base License and 3 Vlans DMZ Restricted - The top level question I guess I have first is - if I set up a 3rd Vlan as a test and need to connect this to the internet, can I with this License?

This is my current config.

I have an inside Vlan with, let's say, 192.168.1.1/24

I have an outside interface with a static IP.

Everything works.

What I want to do is add a 3rd Vlan with an ip of 10.10.10.1 and have a server attached to Port 5 - I have made this switchport for that vlan.

I can ping the server 10.10.10.10 from the ASA and can ping the ASA from the server, so that's good - but I want my server to reach out to the internet so I can test a couple of things.

Any ideas?

Many Thanks

Accepted Solutions
Super Bronze

Re: Question on a 3rd Vlan on ASA 5505 and outside traffic

Hi,

You can have both the LAN and DMZ interface use the WAN connection of the ASA.

Though this naturally depends on how you have set the command on the restricted interface.

The command

no forward interface Vlanx

To my understanding this just disables connection initiation from behind this interface to the interface specified in the command. However, the reverse direction when initiating a connection should still be possible.

Sometimes the "no forward interface Vlanx" might be set on the DMZ interface and the target Vlan interface would be that of the LAN interface. In that case DMZ could open connections towards the WAN interface without any problems.

- Jouni

New Member

Question on a 3rd Vlan on ASA 5505 and outside traffic

Hi Jouni

Thanks - I actually did use that command before I posted since it did not let me create the Vlan until I did the no forward.

I knew where I went wrong, I forgot to put the nat command in, duh - once I did that everything is working.

But yes - I did not know about that command until I was doing this.

Thanks
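
Added example, not part of the thread and not the poster's actual configuration: the two pieces discussed above (the restricted third VLAN and the NAT rule the poster had forgotten) as an ASA 5505 configuration sketch. The VLAN numbers (Vlan1 = inside, Vlan2 = outside, Vlan3 = the new network), the name "dmz", the object name TEST-NET, Ethernet0/5 for "Port 5", the /24 mask, the security level and the ASA 8.3+ NAT syntax are all assumptions; 203.0.113.10 is a constructed documentation address.

```cisco
! Assumption: Vlan1 = inside (192.168.1.0/24), Vlan2 = outside.
! Third VLAN on a Base License must be restricted with "no forward
! interface" before the ASA will accept a nameif on it.
! Pointing the restriction at the inside VLAN means hosts on the test
! network cannot initiate connections into the LAN, but can still
! initiate towards the outside interface.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
! Assumption: "Port 5" in the post is Ethernet0/5.
interface Ethernet0/5
 switchport access vlan 3
 no shutdown
!
! The missing piece in the thread: translate the test network to the
! outside interface address (ASA 8.3 and later object NAT syntax).
object network TEST-NET
 subnet 10.10.10.0 255.255.255.0
 nat (dmz,outside) dynamic interface
!
! On pre-8.3 software the equivalent would be (assumes NAT ID 1 is the
! one already used by the existing "global (outside) 1 interface"):
!   nat (dmz) 1 10.10.10.0 255.255.255.0
!
! Checks from the ASA CLI:
!   show nat
!   show xlate
!   packet-tracer input dmz tcp 10.10.10.10 1025 203.0.113.10 80
! The packet-tracer run should show a NAT phase and a final result of
! "allow" towards outside. Repeating it with a destination on the
! inside network (for example 192.168.1.10) should be dropped, which
! confirms the test server stays isolated from the LAN.
```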
