I have a layered network where the majority of servers have access to two networks (through their own separate NICs). Everything is connected to an SF300-48 switch with four (including VLAN1) VLANs set up. Everything is sitting behind an ASA5520.
This entire network is in a remote location and when I'm sitting on VLAN1, attached to a port which has membership into all 4 VLANs, all I need to do is switch my IP addresses and I'm able to access each individual VLAN with no issue.
My question is this: I'm setting up an IPsec tunnel from my office to this remote network. Setting up the tunnel is just fine and it's certainly working for anything that I put on VLAN1, but now I'm stuck on how to access the individual VLANs 10, 20 and 30. From research, I'm thinking that this is a sub-interface question, but I've not used them before. The VLANs are set up on the SF300 and not from the ASA.
With no subinterfaces configured and with the Gi0/3 ("inside") interface of my ASA set up as 10.0.0.1, I can easily ping the SF300 switch (configured as 10.0.0.2) and a CSS11501 (as 10.0.0.3). The connection between Gi0/3@5520 and e1@SF300 is a simple CAT6 cable, and that port (Ethernet1) on the SF300 is configured as a trunk port, VLAN1.
As soon as I reconfigure Gi0/3 and bring on some VLAN IDs, everything just stops being pingable.
This is how I've got my ASA configured:
! Physical trunk interface: no name, no IP, so it only carries the subinterfaces below
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
!
! Subinterface for VLAN 1 (tagged), replaces the old "inside" address
interface GigabitEthernet0/3.1
 vlan 1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Subinterface for VLAN 10 (tagged)
interface GigabitEthernet0/3.10
 vlan 10
 nameif VLAN10
 security-level 100
 ip address 10.0.10.254 255.255.255.0
!
! Subinterface for VLAN 20 (tagged)
interface GigabitEthernet0/3.20
 vlan 20
 nameif VLAN20
 security-level 100
 ip address 172.16.0.1 255.255.255.0
I've tried setting the SF300 up in both Layer 2 (default) and Layer 3 modes, but still no luck.
Any ideas?
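For reference, here is an added example configuration (not from the original post, and not tested against the poster's hardware) showing the pattern the question is reaching for: on an ASA, untagged frames arriving on a trunk, which on a Cisco switch are the trunk's native VLAN, VLAN 1 by default, are handled by the physical interface itself, while a subinterface with `vlan N` only ever sees 802.1Q-tagged frames for VLAN N. The interface names and the addresses for VLAN 1, 10 and 20 are taken from the post; the VLAN 30 address, the `same-security-traffic` line and the SF300 port syntax are assumptions and should be checked against the device.

```text
! --- ASA side (added example) ---
! The physical interface keeps the VLAN 1 address, so untagged native-VLAN
! frames from the switch are still answered (the post's 10.0.0.0/24 hosts).
interface GigabitEthernet0/3
 description Trunk to SF300 Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! Tagged VLANs live on subinterfaces (addresses from the post).
interface GigabitEthernet0/3.10
 vlan 10
 nameif VLAN10
 security-level 100
 ip address 10.0.10.254 255.255.255.0
!
interface GigabitEthernet0/3.20
 vlan 20
 nameif VLAN20
 security-level 100
 ip address 172.16.0.1 255.255.255.0
!
! VLAN 30 address is an assumption; the post gives none.
interface GigabitEthernet0/3.30
 vlan 30
 nameif VLAN30
 security-level 100
 ip address 10.0.30.254 255.255.255.0
!
! Every interface above is at security-level 100. Without this line the ASA
! drops traffic routed between interfaces of equal security level.
same-security-traffic permit inter-interface
!
! --- SF300 side (port syntax assumed; verify on the switch) ---
interface ethernet e1
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
 ! VLAN 1 stays the native (PVID) VLAN on this trunk and leaves untagged,
 ! which is why it is matched by the ASA physical interface, not a subinterface.
```

Two things to check once the interfaces respond: each VLAN subnet that should be reachable through the IPsec tunnel has to appear in the crypto ACL (and the NAT exemption) on both the ASA and the office end, and with the SF300 left in Layer 2 mode all inter-VLAN routing happens on the ASA, so the hosts on VLANs 10, 20 and 30 need the matching ASA subinterface address as their default gateway.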