07-10-2008 01:30 PM - edited 03-06-2019 12:07 AM
Hi,
I have an ASA5510 with the SecPlus license.
Currently physical interfaces 0/0 and 0/1 are in use:
0/0 outside
0/1 inside
I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7, which I called testvlan.
What I would like to do is enable traffic between 0/1 and 0/2.7.
I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface.
I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside)
or
I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7.
Any help as far as the proper configuration is concerned would be very much appreciated.
Thanks
07-10-2008 01:35 PM
Show the configuration...
07-10-2008 01:38 PM
This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,testvlan) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
If I add this:
nat (testvlan) 1 0.0.0.0 0.0.0.0
then nothing flows between 0/1 and 0/2.7, but I can go out to the internet by IP only.
This is also enabled:
same-security-traffic permit inter-interface
Both interfaces are configured at security level 100.
07-10-2008 01:54 PM
Was that enough info?
Thanks