I have a ASA connected to a swtich via DOT1Q trunk where i have vlan 10,20,100 configured on both switchs i`m using Vlan 100 for the remote user pool and i have my switch configured for intervaln routing so my issue is :
I have setup easy VPN for remote access but it seems i can`t access my internal ressources i can only ping my default GW on the switch however when i use my SSL VPN via the webbrowser i have full reachability to all my vlans
Can anyone please help why i can`t reach the rest of the vlan while i`m using my easy VPN connection
i have vlan 10,20,100 configured on both switchs i`m using Vlan 100 for the remote user pool and i have my switch configured for intervaln routing so my issue is :
I'm not sure if I understand your description correctly but I think what you need to do is remove the vlan100 interface from the switch. The switch needs to send traffic destined for the clients to the ASA.
Not sure what you are trying to achieve here - either you're doing something very unusual, or you're overcomplicating things
IMHO it does not make sense to have an ASA interface in each vlan *and* a L3 interface in each vlan on the switch.
So the question is: do you want the switch to do the inter-vlan routing (so there is no access control between them) or the ASA (so you can specify which traffic is allowed between vlans).
If the switch is to do the inter-vlan routing, then you don't need an ASA interface in each vlan, so you don't even need the trunk, just use one vlan to interconnect the ASA and the switch, eg. vlan12:
interface Ethernet0/0 description INSIDE_UL_LAB nameif INSIDE_LAB_MAIN security-level 90 ip address 172.16.12.100 255.255.255.0 ! no interface Ethernet0/0.2 no interface Ethernet0/0.10 no interface Ethernet0/0.12 no interface Ethernet0/0.100
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...