Re: Access to inside network from second vlan - Page 2

michael.m.williams · ‎02-24-2009

I placed a network 10.71.180.128/25 (VLAN71) behind the inside interface of my ASA5505. I have a server on this network that i have to access from both the internet and from inside my network. I understand i can create a NAT rule to access the inside server from the internet, but have not been able to figure out how I can have computer (10.100.10.1) in other internal subnet 10.100.10.0/28 access server 10.71.180.140. I only have basic package on ASA5505.

Help please.

Mike

andrew.prince · ‎02-27-2009

OK - firstly you have a config error:-

access-list allow-server extended permit ip host 10.100.10.114 host 10.71.100.135

should read:-

access-list allow-server extended permit ip host 10.100.10.114 host 10.71.180.135

secondly have you configured the default gateway on the laptops to the correct ASA interface IP address ?

post the output of

"show access-list allow-server"

michael.m.williams · ‎02-27-2009

Config error corrected. Thanks for that. I can't change the default gateway for VLAN 100 because this is an existing network that has other servers on it. 10.100.100.1 provides services to the computers within that network and also needs to communicate with server within VLAN 71 (PCI network). The inside laptop is set up as DHCP and has the correct DFG.

Yes i can ping the 10.71.180.135 when i change the default gateway 10.100.10.114 to 10.100.10.120. If there another way to reach the inside network from VLAN 100 without changing default gateway?

Mike

andrew.prince · ‎02-27-2009

I am confused - are you saying that you have a different DG in the VLAN100 subnet?

Then the solution will be to configure a static route in the server that points the 10.71.180.0/24 or 10.71.180.135 host in it's routing table pointing towards the ASA.

HTH>