12-12-2012 01:56 PM - edited 03-11-2019 05:36 PM
I am changing out a Cisco 5505 for a 5510, however I am having an issue with the VLANs.
With the 5505 in place everything was working well, upgraded to a 5510
The devices behind the FW on the 192.168.x.x network can no longer communicate.
The configs are basically identical up to the Interfaces.
The issue is the VLANs, however I am not sure how to get past it.
ASA 5505 Config
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.X.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.252
ASA 5510 Configuration
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.X 255.255.255.252
!
interface Ethernet0/1
 no nameif
 security-level 100
 no ip address
!
interface Ethernet0/2
 no nameif
 security-level 100
 no ip address
!
interface Ethernet0/3
 no nameif
 security-level 100
 no ip address
!
interface Management0/0
 nameif Inside
 security-level 100
 ip address 192.168.X.1 255.255.255.0
12-13-2012 08:28 AM
Hi,
Can you post the actual log message?
What's strange to me is that the traffic is even coming to your firewall.
You shouldn't need the ASA firewall at all when you are connecting from a host on 192.168.x.0/24 to another host on the same network.
Is the case at the moment so that every PC behind the ASA can reach the Internet but the PCs can't connect to each other?
- Jouni
12-13-2012 12:30 PM
All the devices behind can browse without issue.
Here is the message, it only started showing up after the "same-security-traffic permit intra-interface" command
3 Dec 13 2012 12:48:41 305006 192.168.x.6 7 portmap translation creation failed for tcp src Inside:192.168.x.5/7 dst Inside:192.168.x.6/7
12-13-2012 01:53 PM
Hi,
Well this is strange.
So all traffic to the Internet is working but traffic inside the LAN isn't working AND is for some reason getting forwarded to the ASA even though the PCs should see each other in the subnet without help from any router.
Are you sure that there are no Private VLAN type configurations on the switch? That the switch would prevent communicating with any other port other than the uplink to the ASA? I'm not too familiar with the specifics of the Private VLAN switch configurations but I just can't imagine what the problem could be in such a simple setup.
If you have Windows machines, can you do
- Jouni
12-16-2012 04:31 AM
Thank you for your help. It works now.
I rebooted all devices behind the firewall and everything is good now.
Thank you again
12-13-2012 06:28 AM
Hi,
OK, yep, you're right, gonna give you 5 for showing me that sometimes it's worth thinking before posting.
Regards.
Alain
Don't forget to rate helpful posts.