Solved: ASA 5510 8.3(1) please help

Indrit_Qesja · ‎10-09-2012

Hello !

I'm having problems configuring my asa5510 version 8.3(1)

My internal network is 192.168.10.0 in ethernet 0/0

I what to fragment my internal network with 2 subnets , 192.168.10.0 and 192.168.100.0 and i what that this two subnet can comunicate each ather

so 192.168.10.0 can transmit data , ping 192.168.100.0 , so both reciprocally.

I think that it can do , with creating a sub interface in vlan0/0 , and i try this , i try to configure acces list , nat etc but with no results

Please can any body halp me because im really in trouble

really i appreciate your halp

thanks a lot

regards

Harish Balakrishnan · ‎10-09-2012

Hello Indrit,

The following thigs has to be done before doing this..

1. Connect ASA e0/0 to a switch

2. Cofigure 2 vlan ( example 10, 20) in the switch and make the port connects to ASA as trunk

3.Configure ASA as follows to accomodate these 2 Vlans ( Remove all configuration from E0/0)

interface Ethernet0/0.10

vlan 10

nameif inside

security-level 100

ip address 192.168.10.1 255.255.255.0

!

interface Ethernet0/0.20

vlan 20

nameif inside1

security-level 70

ip address 192.168.100.1 255.255.255.0

access-list inside1_in extended permit ip any any

access-group inside1_in in interface inside1

now connect 1 PC under each Vlan and assign the respective IP address and default gateway as ASA IP, you should be able to ping each other

Let me now if you need any help

Harish.

View solution in original post

Harish Balakrishnan · ‎10-09-2012

Hello Indrit,

Please post your current configuration and let me the IP address the PC's which you are trying to communicate each other.. so that we can troubleshoot it faster

regards

Harish.

Harish Balakrishnan · ‎10-09-2012

Hello Indrit,

The following thigs has to be done before doing this..

1. Connect ASA e0/0 to a switch

2. Cofigure 2 vlan ( example 10, 20) in the switch and make the port connects to ASA as trunk

3.Configure ASA as follows to accomodate these 2 Vlans ( Remove all configuration from E0/0)

interface Ethernet0/0.10

vlan 10

nameif inside

security-level 100

ip address 192.168.10.1 255.255.255.0

!

interface Ethernet0/0.20

vlan 20

nameif inside1

security-level 70

ip address 192.168.100.1 255.255.255.0

access-list inside1_in extended permit ip any any

access-group inside1_in in interface inside1

now connect 1 PC under each Vlan and assign the respective IP address and default gateway as ASA IP, you should be able to ping each other

Let me now if you need any help

Harish.

Diego Armando Cambronero Arias · ‎10-09-2012

Just add the interface with the same security level.

And

hostname(config)# same-security-traffic permit inter-interface

If you try this and doesn't work you could try creating an Identity Nat to comunicate this interfaces.

Diego Armando Cambronero Arias · ‎10-09-2012

What does the packet tracer states???

Sent from Cisco Technical Support iPhone App