
ASA 5510 Subinterfaces!!!!! a Headache

Eduardo Guerra
Level 1

Dear friends, I configured a subinterface on the management interface of an ASA 5510. I cannot reach the other side after configuring the subinterface (cannot ping 192.168.200.1). I will post the configuration. I need help urgently. Before configuring a subinterface, when the configuration was on the management interface, it was working.

 

: Saved

:

ASA Version 8.2(1)

!

hostname ASAFCHFW

domain-name farmaciachavez.com.bo

enable password 6Jfo5anznhoG00fM encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

 nameif Outside

 security-level 0

 ip address xxx.yyy.zzz.123 255.255.255.248

!

interface Ethernet0/1

 nameif Branch_Office

 security-level 100

 ip address 192.168.2.1 255.255.255.0

!

interface Ethernet0/2

 nameif DMZ

 security-level 10

 ip address 172.16.31.1 255.255.255.0

!

interface Ethernet0/3

 nameif Inside

 security-level 100

 ip address 192.168.0.2 255.255.255.0

!

interface Management0/0

 no nameif

 no security-level

 no ip address

!

interface Management0/0.10

 vlan 10

 nameif alianzaiNET

 security-level 100

 ip address 192.168.200.2 255.255.255.252

!

interface Management0/0.20

 vlan 20

 nameif LinkserNET

 security-level 100

 ip address 192.168.5.2 255.255.255.0

 management-only

!

boot system disk0:/asa821-k8.bin

ftp mode passive

dns server-group DefaultDNS

 domain-name farmaciachavez.com.bo

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group service RDP tcp

 port-object eq 3389

object-group network Subredes

 network-object 192.168.10.0 255.255.255.0

 network-object 192.168.11.0 255.255.255.0

 network-object 192.168.12.0 255.255.255.0

 network-object 192.168.13.0 255.255.255.0

 network-object 192.168.14.0 255.255.255.0

 network-object 192.168.15.0 255.255.255.0

 network-object 192.168.16.0 255.255.255.0

 network-object 192.168.17.0 255.255.255.0

 network-object 192.168.18.0 255.255.255.0

 network-object 192.168.19.0 255.255.255.0

 network-object 192.168.20.0 255.255.255.0

 network-object 192.168.21.0 255.255.255.0

 network-object 192.168.22.0 255.255.255.0

 network-object 192.168.23.0 255.255.255.0

 network-object 192.168.24.0 255.255.255.0

 network-object 192.168.25.0 255.255.255.0

 network-object 192.168.49.0 255.255.255.0

 network-object 192.168.50.0 255.255.255.0

 network-object 192.168.51.0 255.255.255.0

 network-object 192.168.52.0 255.255.255.0

 network-object 192.168.53.0 255.255.255.0

access-list dmz_in extended permit ip host 172.16.31.2 any

access-list dmz_in extended permit tcp host 172.16.31.2 any

access-list dmz_in extended permit udp host 172.16.31.2 any

access-list dmz_in extended permit tcp host 172.16.31.2 any eq 3000

access-list dmz_in extended permit tcp host 172.16.31.2 any eq https

access-list dmz_in extended permit udp host 172.16.31.2 any eq domain

access-list dmz_in extended permit tcp host 172.16.31.2 any eq pop3

access-list dmz_in extended permit tcp host 172.16.31.2 any eq smtp

access-list dmz_in extended permit tcp host 172.16.31.2 any eq www

access-list dmz_in extended permit tcp host 172.16.31.2 any eq 1000

access-list dmz_in extended permit tcp host 172.16.31.2 any eq echo

access-list Inside extended permit ip any any

access-list Inside extended permit icmp any any

access-list Inside extended permit tcp any any

access-list Inside extended permit udp any any

access-list 100 extended permit ip any host xxx.yyy.zzz.122

access-list 100 extended permit tcp any host xxx.yyy.zzz.122

access-list 100 extended permit udp any host xxx.yyy.zzz.122

access-list 100 extended permit tcp any host xxx.yyy.zzz.125 object-group RDP

access-list 100 extended permit tcp any host xxx.yyy.zzz.126 object-group RDP

access-list 100 extended permit tcp any host xxx.yyy.zzz.124

access-list linkser extended permit ip 193.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0

access-list linkser extended permit ip 192.168.0.0 255.255.0.0 193.168.1.0 255.255.255.0

access-list netflow-export extended permit ip any any

access-list AlianzaNET extended permit ip object-group Subredes 192.168.200.0 255.255.255.252

access-list AlianzaNET extended permit ip 192.168.200.0 255.255.255.252 192.168.0.0 255.255.128.0

access-list AlianzaNET extended permit ip 192.168.0.0 255.255.128.0 192.168.200.0 255.255.255.252

access-list Outside_1_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.57.0 255.255.255.0

access-list Outside_1_cryptomap extended permit ip 172.16.31.0 255.255.255.0 192.168.57.0 255.255.255.0

access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.57.0 255.255.255.0

access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list Inside_nat0_outbound extended permit ip 172.16.31.0 255.255.255.0 192.168.57.0 255.255.255.0

access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.59.0 255.255.255.0

access-list Outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.59.0 255.255.255.0

pager lines 24

logging enable

logging buffered debugging

logging asdm informational

no logging message 106015

no logging message 313001

no logging message 313008

no logging message 106023

no logging message 710003

no logging message 106100

no logging message 302015

no logging message 302014

no logging message 302013

no logging message 302018

no logging message 302017

no logging message 302016

no logging message 302021

no logging message 302020

flow-export destination Inside 192.168.0.55 9996

flow-export template timeout-rate 1

flow-export delay flow-create 60

mtu Outside 1500

mtu Branch_Office 1500

mtu DMZ 1500

mtu Inside 1500

mtu alianzaiNET 1500

mtu LinkserNET 1500

icmp unreachable rate-limit 1 burst-size 1

icmp permit host 192.168.0.43 Outside

icmp permit any Outside

icmp permit any DMZ

asdm image disk0:/asdm-647.bin

asdm history enable

arp timeout 14400

global (Outside) 101 interface

global (DMZ) 101 interface

global (alianzaiNET) 101 interface

global (LinkserNET) 101 interface

nat (Branch_Office) 101 0.0.0.0 0.0.0.0

nat (DMZ) 101 0.0.0.0 0.0.0.0

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 101 0.0.0.0 0.0.0.0

static (DMZ,Inside) 172.16.31.0 172.16.31.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

static (Inside,Branch_Office) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

static (DMZ,Branch_Office) 172.16.31.0 172.16.31.0 netmask 255.255.255.0

static (Branch_Office,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

static (Branch_Office,Inside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

static (Branch_Office,Inside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0

static (Branch_Office,Inside) 172.16.3.0 172.16.3.0 netmask 255.255.255.0

static (Branch_Office,DMZ) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.44.0 192.168.44.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.21.0 192.168.21.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.20.0 192.168.20.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.35.0 192.168.35.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.37.0 192.168.37.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.43.0 192.168.43.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.45.0 192.168.45.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.28.0 192.168.28.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.33.0 192.168.33.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.30.0 192.168.30.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.25.0 192.168.25.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.27.0 192.168.27.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.26.0 192.168.26.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.23.0 192.168.23.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.39.0 192.168.39.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.29.0 192.168.29.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.22.0 192.168.22.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.32.0 192.168.32.0 netmask 255.255.255.0

static (DMZ,Outside) xxx.yyy.zzz.122 172.16.31.2 netmask 255.255.255.255 dns

static (Branch_Office,Inside) 192.168.100.0 192.168.100.0 netmask 255.255.255.0

static (Branch_Office,Inside) 193.168.1.0 193.168.1.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.18.0 192.168.18.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.24.0 192.168.24.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.41.0 192.168.41.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.31.0 192.168.31.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.40.0 192.168.40.0 netmask 255.255.255.0

static (Inside,Outside) xxx.yyy.zzz.125 192.168.0.25 netmask 255.255.255.255

static (Branch_Office,Inside) 192.168.42.0 192.168.42.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.47.0 192.168.47.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.46.0 192.168.46.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.19.0 192.168.19.0 netmask 255.255.255.0

static (Inside,Outside) xxx.yyy.zzz.126 192.168.0.22 netmask 255.255.255.255

static (Branch_Office,Inside) 192.168.17.0 192.168.17.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.16.0 192.168.16.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.90.0 192.168.90.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.48.0 192.168.48.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.49.0 192.168.49.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.15.0 192.168.15.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.50.0 192.168.50.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.51.0 192.168.51.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.52.0 192.168.52.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.53.0 192.168.53.0 netmask 255.255.255.0

static (Inside,Outside) xxx.yyy.zzz.124 192.168.0.122 netmask 255.255.255.255

static (Branch_Office,Inside) 192.168.54.0 192.168.54.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.55.0 192.168.55.0 netmask 255.255.255.0

static (Branch_Office,Inside) 192.168.56.0 192.168.56.0 netmask 255.255.255.0

access-group 100 in interface Outside

route Outside 0.0.0.0 0.0.0.0 xxx.yyy.zzz.121 20

route Branch_Office 172.16.1.0 255.255.255.0 192.168.2.2 1

route Branch_Office 172.16.2.0 255.255.255.0 192.168.2.2 1

route Branch_Office 172.16.3.0 255.255.255.0 192.168.2.2 1

route alianzaiNET 172.16.30.0 255.255.255.0 192.168.200.1 1

route Branch_Office 192.168.15.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.16.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.17.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.18.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.19.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.20.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.21.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.22.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.23.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.24.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.25.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.26.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.27.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.28.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.29.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.30.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.31.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.32.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.33.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.35.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.37.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.39.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.40.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.41.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.42.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.43.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.44.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.45.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.46.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.47.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.48.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.49.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.50.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.51.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.52.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.53.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.54.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.55.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.56.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.90.0 255.255.255.0 192.168.2.2 1

route Branch_Office 192.168.100.0 255.255.255.0 192.168.2.2 1

route Branch_Office 193.168.1.0 255.255.255.0 192.168.2.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication http console LOCAL

http server enable

http 192.168.0.0 255.255.255.0 Inside

http 0.0.0.0 0.0.0.0 Outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map Outside_map 1 match address Outside_1_cryptomap

crypto map Outside_map 1 set peer 179.60.127.17

crypto map Outside_map 1 set transform-set ESP-DES-MD5

crypto map Outside_map 2 match address Outside_2_cryptomap

crypto map Outside_map 2 set peer xxx.yyy.www.99

crypto map Outside_map 2 set transform-set ESP-DES-MD5

crypto map Outside_map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

 authentication pre-share

 encryption des

 hash md5

 group 1

 lifetime 86400

crypto isakmp policy 30

 authentication pre-share

 encryption des

 hash sha

 group 1

 lifetime 86400

telnet 0.0.0.0 0.0.0.0 Outside

telnet 0.0.0.0 0.0.0.0 Branch_Office

telnet 172.16.31.0 255.255.255.0 DMZ

telnet 192.168.0.0 255.255.255.0 Inside

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

group-policy DfltGrpPolicy attributes

username eguerra password dr6zkC4iOPQHLH5f encrypted privilege 15

tunnel-group 190.186.39.243 type ipsec-l2l

tunnel-group 179.60.127.17 type ipsec-l2l

tunnel-group 179.60.127.17 ipsec-attributes

 pre-shared-key *

tunnel-group xxx.yyy.www.99 type ipsec-l2l

tunnel-group xxx.yyy.www.99 ipsec-attributes

 pre-shared-key *

!

class-map netflow-export-class

 match access-list netflow-export

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect icmp

  inspect icmp error

 class netflow-export-class

  flow-export event-type all destination 192.168.0.55

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:81db71759dc01d3d810e6b023193cda4

: end

3 Replies

Eduardo Guerra
Level 1

Please, some help with this question.

The management interface cannot be used to pass traffic between interfaces.

Even if no management-only command is executed?
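
To check the posted configuration against the management-only question, this added example (not part of the thread) parses the interface stanzas and lists any `nat`, `global`, `static` or `route` line that names an interface marked `management-only`, a setting that restricts the interface to management traffic to the ASA itself. The function names are made up for this example, and the sample is an excerpt of the configuration above.

```python
import re

# Excerpt of the configuration posted above: the Management0/0 stanzas and
# the global/route lines that reference the two subinterfaces.
SAMPLE_CONFIG = """\
interface Management0/0
 no nameif
!
interface Management0/0.10
 vlan 10
 nameif alianzaiNET
 security-level 100
 ip address 192.168.200.2 255.255.255.252
!
interface Management0/0.20
 vlan 20
 nameif LinkserNET
 security-level 100
 ip address 192.168.5.2 255.255.255.0
 management-only
!
global (alianzaiNET) 101 interface
global (LinkserNET) 101 interface
route alianzaiNET 172.16.30.0 255.255.255.0 192.168.200.1 1
"""

def parse_interfaces(config):
    """Map interface name -> nameif, vlan and management-only flag."""
    interfaces, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue  # tolerate blank lines from a pasted dump
        if words[0] == "interface":
            current = interfaces.setdefault(
                words[1], {"nameif": None, "vlan": None, "management_only": False})
        elif current is not None and line.startswith(" "):
            if words[0] in ("nameif", "vlan"):
                current[words[0]] = words[1]
            elif words == ["management-only"]:
                current["management_only"] = True
        else:
            current = None  # "!" or a top-level command closes the stanza
    return interfaces

def through_traffic_refs(config):
    """nat/global/static/route lines that name a management-only interface."""
    mgmt = {i["nameif"] for i in parse_interfaces(config).values()
            if i["management_only"] and i["nameif"]}
    hits = []
    for line in config.splitlines():
        m = re.match(r"(?:nat|global|static) \(([^)]+)\)|route (\S+)", line)
        names = set((m.group(1) or m.group(2)).split(",")) if m else set()
        hits += [(name, line) for name in sorted(names & mgmt)]
    return hits
```

On this excerpt the only hit is `global (LinkserNET) 101 interface`: `management-only` is set on `Management0/0.20`, while `Management0/0.10` (alianzaiNET) does not carry it.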
