Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
2
Replies

ASA 5505 with Security plus license vlan/subnet issues

ibrarmohammad
Level 1
Level 1

‎01-15-2008 05:05 AM - edited ‎03-11-2019 04:48 AM

Hi,

Im having some network design problems.

I think it will be easier to describe what i want to do first.

I have 3 small customers (1-4 employees) which will share internet connectivity and a large printer. Their office is within the same building. other than that they should not be able to "see" eachother.

I thought of making 3 Subnets / vlans:

Interface 0: DHCP (sec level 0)

Interface 1: VLAN 10 10.10.10.0/27 (sec level 100)

Interface 2: VLAN 20 10.10.10.32/27 (sec level 100)

Interface 3: VLAN 30 10.10.10.64/27 (sec level 100)

Firewall in routed mode.

What i am experiencing right now, that i am not able to ping across vlans.

i have not made any other configuration other than the neccessary for creating the vlans.

I also used the command: same-security-traffic permit inter-interface.

This should work because of the security plus license gives 20 vlans and with trunking capabilities.

Am i doing anything wrong, i really cant see what the problem is.?

Regards,

Ibrar

Labels:
0 Helpful
2 Replies 2

jskochan
Level 1
Level 1

‎01-15-2008 05:57 AM

Since ICMP is not a stateful connection. You will probably need to make some Access list permitting ICMP Echo-Reply. Just for trouble shooting apply some access list permit ICMP Any any to each interface.

Hope this helps.

Jeff

0 Helpful

srue
Level 7
Level 7
In response to jskochan

‎01-15-2008 06:12 AM

you can optionally enable icmp inspection - which then treats icmp as stateful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card