ASA VLAN problem

ronin2307
Level 1

Hi,

I have an ASA5510 with the SecPlus license

currently physical interfaces 0/0 and 0/1 are in use

0/0 outside

0/1 inside

I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7 which I called testvlan

what I would like to do is enable traffic between 0/1 and 0/2.7

I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface

I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside)

or

I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7

Any help as far as the proper configuration is concerned would be very much appreciated.

Thanks

3 Replies

a.alekseev
Level 7

show the configuration...

This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,testvlan) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

if I add this

nat (testvlan) 1 0.0.0.0 0.0.0.0

then nothing flows between 0/1 and 0/2.7 but I can go out to the internet by IP only

this is also enabled

same-security-traffic permit inter-interface

both interfaces are configured at 100 level

was that enough info?

thanks
