Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2141
Views
0
Helpful
16
Replies

One LAN per interface - not communicating w/each other

Go to solution
somethinglesspersonal
Level 1
Level 1

‎12-19-2013 08:25 AM - edited ‎03-07-2019 05:10 PM

Hello,

I have a Cisco ASA 5510 and we're only using two of the ports on it -- one for LAN and one for WAN. If I assign a third port 192.168.200.1, how to I get computers I plug into that port to communicate with the other LAN port (192.168.100.1)? Just set them at the same security level? In ASDM, there is a checkbox at the bottom of the main "Interfaces" page that says "Enable traffic between two or more interfaces which are configured with same secu..." but it doesn't finish the sentence. I'm assuming it finishes with "security levels" but when I check that I can't ping an IP on one interface from the other one I just set up. (i.e. can't ping 192.168.100.123 from a computer on the 192.168.200.x interface). Am I missing something? Seems like a very self explanatory checkbox to me. Thanks!

ASA Version 8.2(2)

ASDM Version 6.2(1)

Firewall mode: Routed

License: Security Plus

Physical Interfaces: Unlimited

VLANS: 100

Speaking of VLANS. I don't see anywhere in ASDM that mentions VLANS. Because the version of ASDM I have, are those options just not available in it and they need to be configured by CLI only? I have seen other ASA's where I can assign VLANS to interfaces but don't have those options on mine.

Labels:
0 Helpful
16 Replies 16

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to somethinglesspersonal

‎02-20-2014 03:09 PM

You can see from your packet tracer results that NAT is the issue.

Alain has posted a static NAT config you can use to get this working.

If you are doing anything remotely then you run a risk of something going wrong. Can't be helped really. So -

1) save the configuration as is before you do anything

2) add the NAT config and see if it works but don't save the config. If you need to you can reload the ASA.

The command Alain posted should not affect your access but you can never be sure so it always a good idea to have someone in the site you can get to power cycle the device if you lose access.

Jon

0 Helpful

Go to solution
danborchert
Level 1
Level 1
In response to Jon Marshall

‎03-10-2014 02:51 PM

"Alain has posted a static NAT config you can use to get this working."

Thanks Jon. That's exactly what I was looking for. At least a second opinion.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card