Cisco Support Community
Community Member

Routing between 2 vlans on an ASA 5510 version 8.4

Hi There,

I am having issues configuring routing between 2 Vlans on the same ASA.

I have 2 subinterfaces configured on 2 different subnets and 2 different Vlans, and with the same security level.

#inside Vlan: inside connection
interface Ethernet0/1.1
vlan 10
nameif inside
security-level 100
ip address
no shutdown

#New Inside Vlan: inside connection
interface Ethernet0/1.3
vlan 11
nameif NewInside
security-level 100
ip address
no shutdown


I have 2 objects associated with these:

object network New-Inside-network
nat (NewInside,outside) dynamic x.x.x.x

object network inside-network
nat (inside,outside) dynamic x.x.x.x



I have both of these enabled:

same-security-traffic permit intra-interface
same-security-traffic permit inter-interface




I am not sure what else I am missing?

The "inside" network is the current configuration and I am trying to add another subnet to the network in another Vlan (NewInside) and trying to get them communicating.

All the switches have the new vlan added to their trunks.

I cannot ping to either the new gateway ( or a host i have temporarily added to the new network ( from my current network.

Any help will be greatly appreciated, please ask if you need more info.




Everyone's tags (6)

Hello.could you share the


could you share the configuration of the port, connected to the ASA? and "show int tru".

Please check "sh int ip br" and arp cache on the ASA.

Community Member

Hi Vasilii,

Hi Vasilii,

The config of the port connected to the asa is:

interface GigabitEthernet1/0/26
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 macro description cisco-switch
 auto qos trust
 spanning-tree link-type point-to-point



Show Interface Trunk:

Port        Mode             Encapsulation  Status        Native vlan

Gi1/0/26    on               802.1q         trunking      1


Port        Vlans allowed on trunk

Gi1/0/26    1-4094


In this output I did notice that the new VLAN was not present under:

Vlans allowed and active in management domain

I have set it to active now, using:

IPSW-L2-E2EHW2#conf t
IPSW-L2-E2EHW2(config)#vlan 4
IPSW-L2-E2EHW2(config-vlan)#state active

I can now communicate with the gateway across the network, in that subnet and vlan.


I just now need to get communication across vlans (Ping vlan 2 from vlan 3 and vice versa)

Now I am not sure whether this is an Access List job or a Route?  Either way not sure what to do.



CreatePlease to create content