cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


954
Views
5
Helpful
19
Replies
Mentor

Moving from ASA 5505 to 5510 - VLAN Issue

Hi,

Can you post the actual log message.

Whats strange to me is that the traffic is even coming to your firewall.

You shouldnt need the ASA firewall at all when you are connection from a host on 192.168.x.0/24 to another host on the same network.

Is the case at the moment so that every pc behind the ASA can reach Internet but the pcs can't connect to eachother?

- Jouni

Beginner

Re: Moving from ASA 5505 to 5510 - VLAN Issue

All the devices behind can browse without issue.

Here is the the message, it only started showing up after the "same-security-traffic permit intra-interface" command

3    Dec 13 2012    12:48:41    305006    192.168.x.6    7            portmap translation creation failed for tcp src Inside:192.168.x.5/7 dst Inside:192.168.x.6/7

Mentor

Re: Moving from ASA 5505 to 5510 - VLAN Issue

Hi,

Well this is strange.

So all traffic to Internet is working but traffic inside the LAN isnt working AND is for some reason getting forwarded to the ASA even though the PCs should see eachother in the subnet without help from any router.

Are you sure that there is no Private Vlan type configurations on the switch? That the switch would prevent communicating with any other port other than the uplink to ASA? I'm not too familiar with the specifics of the Private Vlan switch configurations but I just cant imagine what the problem could be in such a simple setup.

If you have Windows machines, can you do

  • Windows/Start menu
  • Run
  • Type -> cmd
  • Type -> arp -a
    • Does the ARP table list the other hosts in the same switch or only the default gateway?

- Jouni

Highlighted
Beginner

Re: Moving from ASA 5505 to 5510 - VLAN Issue

THank you for your help.. It works now.

I rebooted all devices behind the firewall and everthing is good now.

Thank you again

Advisor

Moving from ASA 5505 to 5510 - VLAN Issue

Hi,

ok yep you're right    , gonna give you 5 for showing me that sometimes it's worth thinking before posting.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.