asa 8.3 - routing /nat 0 multiple lan

Paolo Piutz
Level 1

Hi,

I have an ASA 5510 with 8.3

I created a trunk with some VLANs

eth0/0.10    ip address:  172.16.10.1 /24

eth0/0.11    ip address:  172.16.11.1 /24

eth0/0.12    ip address:  172.16.12.1 /24

eth0/0.13    etc.

eth0/0.14    etc.

Every VLAN has security level 50 and WAN 0

How can I set nat 0/routing between the LANs?

I link a switch with the same VLANs configured, and from some LANs I can ping other LANs. Not all LANs can ping all LANs...

e.g.: from 172.16.10.1 /24 I can ping 172.16.11.1 /24, but from 172.16.12.1 /24 I cannot ping 172.16.13.1 /24

I configured all LANs in the same manner: all LANs can go to the internet and all LANs can be accessed from VPN

I don't understand why, for example, LAN1 can ping LAN2 but LAN4 cannot ping LAN5: there are no rules!!!!

With packet tracer I see that the traffic is permitted....


Paolo
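An ASA 8.3 configuration for the setup described in the post above, added here as an illustration and not taken from the original thread. It shows the pieces that replace the old "nat 0" behaviour on 8.3: the subinterfaces at equal security level, the same-security-traffic commands, a manual identity NAT rule for LAN-to-LAN and LAN-to-VPN traffic, and per-VLAN interface PAT for internet access. The interface names (LAN10, LAN11), object names, and the VPN pool 10.99.0.0/24 are assumptions; only two of the VLANs are written out.

```text
! Subinterfaces on the trunk, all at security-level 50 (repeat for .12, .13, ...)
interface Ethernet0/0.10
 vlan 10
 nameif LAN10
 security-level 50
 ip address 172.16.10.1 255.255.255.0
!
interface Ethernet0/0.11
 vlan 11
 nameif LAN11
 security-level 50
 ip address 172.16.11.1 255.255.255.0
!
! Without this, traffic between interfaces of equal security level is dropped
same-security-traffic permit inter-interface
! Only needed for hairpinning (e.g. VPN client to VPN client); harmless otherwise
same-security-traffic permit intra-interface
!
! One network object per VLAN, grouped for the identity-NAT rule below
object network LAN10
 subnet 172.16.10.0 255.255.255.0
object network LAN11
 subnet 172.16.11.0 255.255.255.0
object-group network ALL_LANS
 network-object object LAN10
 network-object object LAN11
! Assumed VPN client address pool
object network VPN_POOL
 subnet 10.99.0.0 255.255.255.0
!
! 8.3 replacement for "nat 0 access-list": manual (twice) NAT is evaluated
! before object NAT, so LAN-to-LAN and LAN-to-VPN traffic is never translated
nat (any,any) source static ALL_LANS ALL_LANS destination static ALL_LANS ALL_LANS
nat (any,outside) source static ALL_LANS ALL_LANS destination static VPN_POOL VPN_POOL
!
! Internet access: interface PAT per VLAN (object NAT, only matched when the
! egress interface is outside, so it cannot catch inter-VLAN traffic)
object network LAN10
 nat (LAN10,outside) dynamic interface
object network LAN11
 nat (LAN11,outside) dynamic interface
```

Note that 8.3 also removed nat-control, so untranslated traffic between interfaces is forwarded even with no NAT rule at all; the identity rule above is what keeps the VPN traffic out of the interface PAT. With no access-group applied to these interfaces there is no filtering between the VLANs at all, which is convenient for a ping test but is usually not what a segmented network wants in production.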


4 Replies

Vibhor Amrodia
Cisco Employee

Hi,

There seems to be some confusion in terms of which traffic is working and which is not.

Can you list this information:-

show ip, and tell us in which direction the traffic is not working.

Thanks and Regards,

Vibhor Amrodia

Hi all,

Thanks for the reply.

same-security-traffic permit intra-interface and same-security-traffic permit inter-interface are already configured.

All networks have the same security level.

but....

it seems that the networks in question can communicate with each other...

I have another question now:

A server on one network has to communicate on TCP port 1433 with a server on another network with the same security level, but it cannot. I can ping the network.

I think that I have to configure an inspect with a policy-map, etc., but the protocol is not there.

How can I open port 1433?

Thanks.

Paolo.


Hi,

You can use a similar configuration as this:-

https://supportforums.cisco.com/discussion/11519281/asa-5520-and-inspection-mssql-dynamic-port

Thanks and Regards,

Vibhor Amrodia

Have you ensured that ICMP is permitted in any software firewall installed on the test PCs?

Since you say that you do not have any ACLs configured on the interfaces, I assume you have configured same-security-traffic permit intra-interface and same-security-traffic permit inter-interface commands?

Have you run the packet tracer in both directions? From LAN 4 to LAN 5 and then again from LAN 5 to LAN 4?

--

Please remember to select a correct answer and rate helpful posts
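The checks suggested in the replies above, written out as ASA commands, added here as an illustration rather than taken from the thread. The interface names LAN12 and LAN13, the two host addresses 172.16.12.10 and 172.16.13.10, the capture name and the ACL name are assumptions.

```text
! 1. Confirm the prerequisites for forwarding between equal security levels
show running-config same-security-traffic
show nat detail
show route
!
! 2. Run packet-tracer in BOTH directions: a NAT rule, ACL or route that only
!    matches one direction shows up as a DROP on the reverse run
packet-tracer input LAN12 icmp 172.16.12.10 8 0 172.16.13.10
packet-tracer input LAN13 icmp 172.16.13.10 8 0 172.16.12.10
packet-tracer input LAN12 tcp 172.16.12.10 40000 172.16.13.10 1433
packet-tracer input LAN13 tcp 172.16.13.10 1433 172.16.12.10 40000
!
! 3. If packet-tracer says ALLOW but real connections fail, capture on the
!    egress interface. No packets in the capture means the ASA never received
!    them (host firewall, wrong default gateway, switch VLAN); packets sent with
!    no reply points at the destination host or its software firewall
capture C1433 interface LAN13 match tcp host 172.16.12.10 host 172.16.13.10 eq 1433
show capture C1433
show asp drop
no capture C1433
!
! 4. TCP 1433 needs no inspection engine (the ASA's "inspect sqlnet" is for
!    Oracle SQL*Net, not SQL Server); it only has to be permitted. Once an ACL
!    is applied inbound on LAN12, everything not listed is dropped, so permit
!    the SQL port explicitly along with the ping used for testing
access-list LAN12_IN extended permit tcp 172.16.12.0 255.255.255.0 host 172.16.13.10 eq 1433
access-list LAN12_IN extended permit icmp 172.16.12.0 255.255.255.0 172.16.13.0 255.255.255.0 echo
access-group LAN12_IN in interface LAN12
```

The "dynamic port" case in the linked thread is the SQL Server named-instance behaviour: a named instance listens on a port assigned at start-up and clients learn it from the SQL Browser service on UDP 1434, so an ACL that only permits 1433 fails. Pinning the instance to a fixed port on the SQL side keeps the firewall rule as narrow as the one above.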
