Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
4
Replies

ASA 5505Trunking port issue

Go to solution
frazer001
Level 1
Level 1

‎09-11-2014 07:59 AM - edited ‎03-11-2019 09:44 PM

Hello everyone,

I've recently added 5 vlans into my network and turned my eth0/1 port which goes to my switch into a trunk port. Since this change I haven't been able to get out to the internet at all. From my switch I am able to ping all of the vlan IP addresses assigned to the ASA, and vice-versa. I have a feeling that the problem maybe with the ACLs, but I don't know exactly what to look for. I've attached my configuration file for all of you to look at. Any help is much appreciated.

Labels:
Preview file
9 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP
In response to frazer001

‎09-11-2014 12:15 PM

First of all, remove the command switchport access vlan 4 from the interface

interface Ethernet0/1
 switchport access vlan 4
 switchport trunk allowed vlan 4,10,13-14,50-51
 switchport mode trunk

Also I notice you do not have any NAT statement configured, please add the following command:

object network obj_any
  nat (any,outside) dynamic interface

Though you should have specific dynamic NAT for each network, this is a quick and easy solution to configure NAT.

Try making these changes and then test, and let us know how it goes.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marius Gunnerud
VIP
VIP

‎09-11-2014 09:27 AM

What license do you have installed on your ASA (show version)?  If you have the base license then you will need to uprade to the security plus license.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
frazer001
Level 1
Level 1
In response to Marius Gunnerud

‎09-11-2014 09:51 AM

Hello Marius,

The device has the security plus license

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to frazer001

‎09-11-2014 12:15 PM

First of all, remove the command switchport access vlan 4 from the interface

interface Ethernet0/1
 switchport access vlan 4
 switchport trunk allowed vlan 4,10,13-14,50-51
 switchport mode trunk

Also I notice you do not have any NAT statement configured, please add the following command:

object network obj_any
  nat (any,outside) dynamic interface

Though you should have specific dynamic NAT for each network, this is a quick and easy solution to configure NAT.

Try making these changes and then test, and let us know how it goes.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
frazer001
Level 1
Level 1
In response to Marius Gunnerud

‎09-11-2014 01:04 PM

Thank you Marius, those 2 commands did the trick.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card