I have a sub-interface 'on' the inside (see below) and setup the VLAN ID --> Connected the VLAN to the SWITCH and routed to the PORT. The Server(s) recognize the 'new' VLAN / IPs; but do not have connectivity to the internet. My assumption is it's at the gateway? Also; I can ping an IP on the inside interface from the VLAN, but not the inside interface itself.
! interface GigabitEthernet0/1 speed 100 duplex full nameif Inside security-level 100 ip address 10.10.10.1 255.255.255.0 ! interface GigabitEthernet0/1.20 vlan 20 nameif IOS_DC security-level 100 ip address 10.10.2.1 255.255.255.0 !
The configuration seems kinda strange. I mean the fact that you have configured IP address under the actual physical interface but also configured subinterface for the physical interface. Typically when you configure a Trunk you leave the physical interface configurations blank other than set the duplex/speed and description configurations.
How is the switchport connected to this ASA configured?
EDIT: Just to add. I presume that if your "inside" users are in Vlan 1 of the switched network then this is probably understandable that is works as the traffic comes to the ASA probably untagged.
If you want to test the ASA configurations then you can use the command
The above IPs are just chosen by me randomly. The output of the above command should show you what rules such a packet would match on the ASA. We could for example see if the traffic is even allowed and if its allowed does it have proper NAT configurations and so on.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :