Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Inter VLAN routing on ASA 5510 Management0/0 subinterfaces

Hi all!

I have an ASA 5510 (routed mode) which I am trying to use to route traffic between VLANs on the Management Interface.


Eth 0/0 - Outside seclevel 0 publicly addressed IP

Eth 0/1 - Inside seclevel 100 trunk to stack of Cat3560 switches all internally addressed

Eth 0/2 - DMZ seclevel 20 internally addressed single network

Eth 0/3 - Failover

Management 0/0 - No longer Management only and supports two subinterfaces.

Management 0/0.1 - VLANid 1:, IP

Management 0/0.2 - VLANid 130: 10.1.130/24, IP

Can't spring for another 3560 so I'm stuck using an HP Procurve 4000M.

The 4000M is connected via port A1 to the Management physical interface of the ASA.

VLANs defined on the 4000M are:

VLAN 1: Mgmt IP Address GW:

VLAN 130: Mgmt IP Address GW:

Port A1 is set to VLAN1 in TAGGED mode (802.1Q)

Port A1 is set to VLAN130 in TAGGED mode (802.1Q)

Port A2 is set to VLAN1 in un-tagged mode and hosts a client at GW:

Port A3 is set to VLAN130 in un-tagged mode and hosts a client at GW

ACL for each Man0/0.1 & .2:

Permit IP any any

No NAT on Man0/0 or sub-ints

VLAN1 - client can ping switch mgmt ip ( and ASA Man0/0.1 but when pinging anything in VLAN130 ASA logs event "no route from to from".

Both routes show up as "C"onnected in the sh route command, how is it possible the ASA doesn't have a route back?

VLAN130 - client can ping switch mgmt ip ( BUT NOT ASA Man0/0.2 and not anything on VLAN1, no logs show.

My guess is a disconnect on the 802.1Q for VLAN130, but that doesn't explain the no route error when pinging from VLAN1 (the native VLAN of the switch).

The ASA is in production, but the 4000M is not so when I get a chance to anonymize my configs I'll attach them (probably Monday).

Any ideas?

CreatePlease login to create content