Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Subinterfaces configured but hosts are not able to connect

Hi,

I configured 3 LAN interfaces on ASA. 2 interfaces are able to communicate to each other but at 3rd interface I am creating subinterfaces. also I can ping hosts on other VLANs from Cisco 2960. but host-host communication is not getting possible.Please suggest the solution for this

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Subinterfaces configured but hosts are not able to connect

For communication between interfaces, you would need to configure static NAT to itself statements:

For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

Then "clear xlate" after the above changes.

Same goes for communication to other subinterface.


Hope that helps.

Hall of Fame Super Blue

Re: Subinterfaces configured but hosts are not able to connect

Don't forget you will need statics both ways eg.

vlan 5 = 192.168.5.0/24

vlan 17 = 192.168.6.0/24

static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

Jon

6 REPLIES
Cisco Employee

Re: Subinterfaces configured but hosts are not able to connect

For communication between interfaces, you would need to configure static NAT to itself statements:

For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

Then "clear xlate" after the above changes.

Same goes for communication to other subinterface.


Hope that helps.

Community Member

Re: Subinterfaces configured but hosts are not able to connect

Hi,

Thanks for the reply, but How I wil make a static NAT with the one which is already created.

for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?

Will it work or is there another way to configure it?

Thanks

Hall of Fame Super Blue

Re: Subinterfaces configured but hosts are not able to connect

pushpendrayadav wrote:

Hi,

Thanks for the reply, but How I wil make a static NAT with the one which is already created.

for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?

Will it work or is there another way to configure it?

Thanks

It will work fine, you can have multiple static NATs eg.

static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (INSIDE-VL5,INSIDE-VL21) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

etc..

Jon

Community Member

Re: Subinterfaces configured but hosts are not able to connect

Thanks, It worked but still I can not ping to host connected to interface e0/3.1 from the host connected to e 0/1. but vice versa is possible

Hall of Fame Super Blue

Re: Subinterfaces configured but hosts are not able to connect

Don't forget you will need statics both ways eg.

vlan 5 = 192.168.5.0/24

vlan 17 = 192.168.6.0/24

static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

Jon

Community Member

Re: Subinterfaces configured but hosts are not able to connect

Thanks

It worked for me.

284
Views
0
Helpful
6
Replies
CreatePlease to create content