Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
790
Views
0
Helpful
1
Replies

ASA: Routing of specific NTP data between two VLAN

NetworkStorm9000
Level 1
Level 1

‎10-28-2021 11:15 AM

Hi,

 

I have a Firepower appliance running ASA, where I have many different vlans. Most of them do not have any access to the internet or other vlan.

I have enabled an NTP proxy server on one of the VLANs, and wish to distribute this to my hosts on other VLANs as well.

 

I have a host, 192.168.101.11 on vlan A, which I want to receive and reply to icmp and ntp requests. Every host (for now) from 172.16.4.0/24 on vlan B should be able to request this. 

What are the things I should do to make that happen?

 

  • Make access rule
    • On vlan B:
      • source: 172.16.4.0/24
      • destination 192.168.101.11
      • destination service: icmp, ntp
    • On vlan A:
      • source: 192.168.101.11
      • destination: 172.16.4.0/24
      • destination service: icmp, ntp
  • Make NAT rule 1
    • source interface: vlan B
    • dest interface: vlan A
    • dest address: 192.168.101.11
  •  Make NAT rule 2
    • opposite of above

I'm quite new to this, and not very good, so go easy on me. I probably need to re-do some of the above, and maybe I'm missing some steps. Hope someone can be of help.

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎10-28-2021 02:42 PM

Not sure why you need NAT rule here if this intra device traffic between VLAN Interface ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card