https://community.cisco.com/t5/network-security/v-lans/m-p/1164062#M877253 <HTML><HEAD></HEAD><BODY><P>Vinay,</P><P>Assuming you have this:</P><P></P><P>Fw: </P><P>vlan100</P><P>Int vl 100</P><P>Ip address 192.168.12.1</P><P></P><P>Int eth 0/1</P><P>nameif Inside</P><P>switchport access vl100</P><P>no shut</P><P></P><P>Switchport connected to fw's inside:</P><P></P><P>Switchport access vl100</P><P>switchport mode access</P><P>no shut</P><P></P><P>This should work , assuming there is no ACL which denies the traffic/icmp packets.</P><P>Vlad</P><P></P><P>Vinay ,</P><P></P><P>A small corection, sorry!</P><P>The fw should be like this not what I previously posted:</P><P></P><P>vlan100</P><P>Int vl 100</P><P>Nameif Inside</P><P>Ip address 192.168.12.1</P><P></P><P>Int eth 0/1</P><P>switchport access vl100</P><P>no shut</P><P></P><P></P><P></P></BODY></HTML> Sun, 25 Jan 2009 10:24:24 GMT hunnetvl01 2009-01-25T10:24:24Z https://community.cisco.com/t5/network-security/v-lans/m-p/1164059#M877248 <P>Hi, I have to setup new V-lans department wise in our office. In current scenario, we have unmanaged switch which is connected with ASA 5505 FW where V-LAN 100 (NOC) is created and IP address of Inside Interface NOC V-lan is 192.168.12.1 which is a gateway set on client machines and Servers. This Network is connected with Remote sites via STS Tunnel. Now we want to make a new V-lans on new L2 switch and put the access list according to rights of users. </P><P></P><P>Here, I am bit confused about understanding new V-Lans structure. I want that the IT department and the Servers are remained in the NOC V-lan but would like to make seperate V-Lans for DEV and QA Team. I have created three following V-lans on L2 switch:</P><P></P><P>1) Vlan 100 NOC Port assigned eth 1-4</P><P>2) Vlan 200 DEV Port assigned eth 5-8</P><P>3) Vlan 300 QA Port assigned eth 9-12</P><P></P><P>Now I want to connect ASA Inside NOC Vlan 100 with the port 1 L2 switch where already same V-lan created but when I connect switch and FW and connect my laptop on port 2 of L2 switch then I am not able to ping the Inside Interface IP 192.168.12.1. Not able to underst</P><P>and where I am wrong. Second, I want to make a Trunk port on L2 switch on port 14 and connect with FW port 8 which is not a member of V-lan and want to do all settings on FW Trunk port like nattig, access list or etc. Please advice your suggestions in this regard. Can you please recommend how many network design I can use, Pl suggest as well if possible.</P><P></P><P>Thanks</P><P>Vinay Gupta</P> Mon, 11 Mar 2019 14:41:43 GMT https://community.cisco.com/t5/network-security/v-lans/m-p/1164059#M877248 nikuhappy2010 2019-03-11T14:41:43Z https://community.cisco.com/t5/network-security/v-lans/m-p/1164060#M877250 <HTML><HEAD></HEAD><BODY><P>Vinay,</P><P></P><P>Paste the ASA and switch config.</P><P>I suppose the Vlans on teh fw are named the same as the vlan on the switch and u connect vlan 100 on switch with an interface assigned Vlan 100 on the fw.</P><P></P><P>Regards,</P><P>Vlad</P><P></P><P></P></BODY></HTML> Sat, 24 Jan 2009 18:58:12 GMT https://community.cisco.com/t5/network-security/v-lans/m-p/1164060#M877250 hunnetvl01 2009-01-24T18:58:12Z https://community.cisco.com/t5/network-security/v-lans/m-p/1164061#M877252 <HTML><HEAD></HEAD><BODY><P>yes, you are right....then should it not be start the communication between switch and FW by creating same VLan name and ID. </P></BODY></HTML> Sun, 25 Jan 2009 02:43:10 GMT https://community.cisco.com/t5/network-security/v-lans/m-p/1164061#M877252 nikuhappy2010 2009-01-25T02:43:10Z https://community.cisco.com/t5/network-security/v-lans/m-p/1164062#M877253 <HTML><HEAD></HEAD><BODY><P>Vinay,</P><P>Assuming you have this:</P><P></P><P>Fw: </P><P>vlan100</P><P>Int vl 100</P><P>Ip address 192.168.12.1</P><P></P><P>Int eth 0/1</P><P>nameif Inside</P><P>switchport access vl100</P><P>no shut</P><P></P><P>Switchport connected to fw's inside:</P><P></P><P>Switchport access vl100</P><P>switchport mode access</P><P>no shut</P><P></P><P>This should work , assuming there is no ACL which denies the traffic/icmp packets.</P><P>Vlad</P><P></P><P>Vinay ,</P><P></P><P>A small corection, sorry!</P><P>The fw should be like this not what I previously posted:</P><P></P><P>vlan100</P><P>Int vl 100</P><P>Nameif Inside</P><P>Ip address 192.168.12.1</P><P></P><P>Int eth 0/1</P><P>switchport access vl100</P><P>no shut</P><P></P><P></P><P></P></BODY></HTML> Sun, 25 Jan 2009 10:24:24 GMT https://community.cisco.com/t5/network-security/v-lans/m-p/1164062#M877253 hunnetvl01 2009-01-25T10:24:24Z