Cisco Support Community

New Member

LAN issues whenever ASA 5580-40 FW is connected to VLAN ports

Hi,

I was trying to segment my internal server networks with a Cisco ASA 5580-40 FW. The different servers were segmented into different VLANs and work fine without the FW. However, whenever the FW DMZs are connected to ports associated with the different VLANs, some servers on the same LAN stop communicating at the application level. When all the other VLANs are shut down, leaving only the VLANs where the servers that are having issues reside, everything resumes working normally.

I don't know what the issues are with the LAN. Could someone advise what could be going on here?

5 REPLIES
Hall of Fame Super Silver

Re: LAN issues whenever ASA 5580-40 FW is connected to VLAN port

Hello Olusegun,

You may want to post this in the security/firewalling forum, where you can get better help.

My first impression is that you could be facing a license limits issue because you say that:

>> When all the other vlans are shutdown leaving only the vlans where servers that are having issues resides, everything resumes work normally.

Or there is some form of conflict in the configuration.

Hope to help

Giuseppe

New Member

Re: LAN issues whenever ASA 5580-40 FW is connected to VLAN port

Hi guisiar,

Thanks. I strongly feel it's a LAN issue. Traffic was not initially passing through the FW. The firewall DMZs were connected to the respective VLANs of the servers in the various subnets. Could this stop server communication at the application level?

Hall of Fame Super Silver

Re: LAN issues whenever ASA 5580-40 FW is connected to VLAN port

Hello Olusegun,

It is difficult to say something without more details.

The ASA, being a FW, can be blocking some servers/subnets, either for a configuration issue or for some limitations (like the max number of VLANs on the trunk if the link to the ASA is an L2 trunk).

Hope to help

Giuseppe

New Member

Re: LAN issues whenever ASA 5580-40 FW is connected to VLAN port

Hi giustar,

Thank you for your response. I actually have some of the interfaces of the FW DMZ configured as sub-interfaces (which is L2), while the corresponding port they connect to on the switch is a trunk port carrying all VLANs. Do you think configuring VLAN pruning on the switch will help?

Hall of Fame Super Silver

Re: LAN issues whenever ASA 5580-40 FW is connected to VLAN port

Hello Olusegun,

I don't think this can solve it, but it helps.

However, defining on the switch side the set of allowed VLANs with

switchport trunk allowed vlan

is something that makes the scenario cleaner.

Hope to help

Giuseppe
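
Added example (not part of the thread and not Cisco tooling): a Python check that compares the VLANs a switch trunk carries, per `switchport trunk allowed vlan`, with the VLAN tags on the ASA sub-interfaces, so the allowed list can be cut down to what the firewall actually terminates. The config snippets, interface names and VLAN IDs are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); names and VLAN IDs are made up.
SWITCH_CFG = """\
interface GigabitEthernet1/0/24
 description uplink to ASA
 switchport mode trunk
"""
SWITCH_CFG_PRUNED = SWITCH_CFG + " switchport trunk allowed vlan 10,20,30-31\n"
ASA_CFG = """\
interface GigabitEthernet3/0.10
 vlan 10
 nameif dmz-web
interface GigabitEthernet3/0.20
 vlan 20
 nameif dmz-app
interface GigabitEthernet3/0.40
 vlan 40
 nameif dmz-db
"""

def expand(vlan_list):
    """Expand a list such as '10,20,30-31' into a set of VLAN IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed(switch_cfg):
    """VLANs the trunk carries; with no allowed list a trunk carries 1-4094."""
    allowed = set(range(1, 4095))
    pattern = r"^\s*switchport trunk allowed vlan (add )?([\d,-]+)\s*$"
    for add, vlans in re.findall(pattern, switch_cfg, re.M):
        allowed = (allowed | expand(vlans)) if add else expand(vlans)
    return allowed

def asa_vlans(asa_cfg):
    """VLAN tags configured on the ASA sub-interfaces."""
    return {int(v) for v in re.findall(r"^\s+vlan (\d+)\s*$", asa_cfg, re.M)}

def audit(switch_cfg, asa_cfg):
    allowed, tagged = trunk_allowed(switch_cfg), asa_vlans(asa_cfg)
    return {"unneeded_on_trunk": sorted(allowed - tagged),  # no matching sub-interface
            "missing_on_trunk": sorted(tagged - allowed)}   # sub-interface gets no frames

if __name__ == "__main__":
    print(audit(SWITCH_CFG_PRUNED, ASA_CFG))
```
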
