Solved: Re: ASA 5555 Multible Vlan Access

chris.kaiser@newcanaanct.gov · ‎09-30-2020

I have an ASA 5555 and can access the internet thru it just fine if I am on the same network as the inside interface but when I add a next-hop to my test router to have another vlan access the same firewall, the traffic never makes it to the internet. The ASA monitor show traffic from that network device but still no internet access. We are trying to use this ASA for a guest network firewall and only needs to allow traffic from 1 other network other than the inside interface. Inside network is 10.120.50.x

Guest network is 10.50.x.x

I am guessing that it is a nat or ACL I am missing but cant quite figure it out.

Any and all help is welcome,

Thank you

chris.kaiser@newcanaanct.gov · ‎10-02-2020

Thanks for making me thing about the route. It was there in ASDM but missing in CLI. After adding with CLI , it now passes all traffic.

Thank you, Rob

View solution in original post

Rob Ingram · ‎09-30-2020

Hi chris.kaiser@newcanaanct.gov

What NAT rules have you configured?

You would probably need a NAT rule for the Guest network such as:

object network GUEST subnet 10.50.x.x 255.255.0.0
 nat (inside,outside) dynamic interface

If that does not work provide your configuration and the output of "show nat detail"

I assume the ASA can ping a device on the Guest network to prove the routing is working correctly?

HTH

chris.kaiser@newcanaanct.gov · ‎10-02-2020

Thanks for making me thing about the route. It was there in ASDM but missing in CLI. After adding with CLI , it now passes all traffic.

Thank you, Rob