Adding interface voice vlan to ASA

latintrpt — Tue, 12 Mar 2019 08:09:01 GMT

Hi guys,

I am running an ASA 5505, V8.2.5 with security plus license.

I have added an additional vlan (Vlan100) to the asa and need it be identical in nature to vlan 1. For someone reason for PC's that are connected to vlan 1, I can't ping the gateway on vlan 100. PC's that are on vlan 1, can ping interface vlan gateway 192.168.0.171 and other PC's on vlan 1.

Can you someone take a look at my config and tell me what I need to add for the following to occur:

- vlan100 to get natted just like vlan 1 out to the internet.

-ping from vlan1 to vlan100, vice versa

- allow access from outside to access servers test 4 and test 5, http and www.

I bolded what I added.

----------------------------

ASA Version 8.2(5)
!
hostname ASA

names
name 192.168.0.244 barr
name 192.168.0.85 ewa
name 192.168.0.129 test1
name 192.168.0.127 test6
name 192.168.0.139 test2
name 192.168.0.144 test3
name 192.168.100.10 test4
name 192.168.100.11 test5
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1

description trunk to hp switch
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.171 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address **Outside IP** 255.255.255.252
!
interface Vlan3
shutdown
nameif dmz
security-level 50
no ip address
!
interface Vlan100
nameif voice-network
security-level 100
ip address 192.168.100.1 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name test.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_2 tcp
port-object eq imap4
port-object eq pop3
port-object eq smtp
access-list inside_nat0_outbound extended permit ip any 192.168.0.128 255.255.255.128
access-list vpn_splitTunnelAcl_2 standard permit 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any any eq ftp
access-list outside_access_in extended permit udp any any eq domain
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list capout extended permit tcp any interface outside eq smtp
access-list capout extended permit tcp interface outside eq smtp any
access-list capin extended permit tcp any host Barracuda eq smtp
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
logging ftp-server 192.168.0.46 / syslog *****
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 192.168.0.5 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu voice-network 1500
ip local pool pool1 192.168.0.172-192.168.0.197 mask 255.255.255.0
ip local pool pool2 192.168.0.218-192.168.0.219 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.255.0
static (inside,outside) tcp interface domain 192.168.0.5 domain netmask 255.255.255.255
static (inside,outside) tcp interface smtp barr smtp netmask 255.255.255.255
static (inside,outside) udp interface domain 192.168.0.5 domain netmask 255.255.255.255
static (inside,outside) tcp interface ftp test2 ftp netmask 255.255.255.255
static (inside,outside) tcp interface www test3 www netmask 255.255.255.255
static (inside,outside) tcp interface https test3 https netmask 255.255.255.255
static (inside,outside) tcp interface imap4 test3 imap4 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 test3 pop3 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 **Outside Router** 1

-------------------------------------------------------------------------------------

topic Adding interface voice vlan to ASA in Network Security

Adding interface voice vlan to ASA