Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
9
Helpful
6
Replies

5505 ASA Inisde network not able to go out

jimmyyee07
Level 1
Level 1

‎05-23-2008 02:22 PM - edited ‎03-11-2019 05:49 AM

I have a brand new 5505 ASA it is connected to a 3550 layer 3 switch which is configured for 3 vlans. I am able to go out from the ASA to the Internet but not from the switch. I can ping the ASA but not the Internet from the inside network. Can there be a mismatch vlan configurations between the ASA and the 3550 switch. Vlan 100 (inside) is configured on the ASA (the default vlan 1 removed). On the switch the vlan that the ASA is connected to is on vlan 100 and the default ip route is pointed to the ASA.

Labels:
0 Helpful
6 Replies 6

jimmyyee07
Level 1
Level 1

‎05-23-2008 02:32 PM

figure it out

0 Helpful

m-abooali
Level 4
Level 4
In response to jimmyyee07

‎05-23-2008 09:16 PM

very funny!

this is for professional and not people like you. shame on you.

Masood

0 Helpful

arturo.guzman
Level 1
Level 1

‎05-23-2008 02:49 PM

You have to add routes for the other vlans, and you hace to ensure that the vlan in ASA is the same that te vlan in switch.

if you want you can put the configuration here for review it.

srue
Level 7
Level 7
In response to arturo.guzman

‎05-23-2008 04:04 PM

you can either add static routes on the ASA to point to the vlan interface on the 3550 that's in the same vlan as the 3550 or enable a routing protocol between the two devices.

you nat statement on the asa should allow traffic from each of the 3 vlans, either specifically or with something like:

nat (inside) 1 0 0

global (outside) 1 interface

it would help if you posted the configs of each device.

0 Helpful

sushil
Level 1
Level 1
In response to srue

‎05-25-2008 01:41 AM

I am agree with Srue.

If you are routing all the vlans on the L3 switch then the ASA needs to know how to get to these vlans. So the IP address of your ASA is 192.168.0.1 (i.e inside int) ?

if so what is the L3 vlan IP address from that same subnet. Lets assume it is 192.168.0.2. So on the ASA you need to have routes

route (inside) 192.168.2.0 255.255.255.0 192.168.0.2

route (inside) 192.168.3.0 255.255.255.0 192.168.0.2

etc..

for all the vlans that are on the L3 switch.

To guide you exactly post your config.

0 Helpful

m-abooali
Level 4
Level 4
In response to sushil

‎05-25-2008 07:46 AM

Your ASA must know how to get to the next hop for sure what ever device that it may be.

for routig acroess one int to the other, i.e. across the ASA fabric, you need to nat (inside) or a one to one static transtation and for outside you need to add the global (outside) 1 interface as soure had mentioned above.

HTH.

Masood

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card