CiscoASAv subinterfaces traffic is not passing - Page 2

Juni · ‎05-15-2023

Hi Everyone,

I am struggling with the ASA configuration with 2 Subinterfaces and am not able to ping from one vlan host to another vlan host, I haven't applied any ACLs and NAT as am not testing it with the internet.

int gi0/0.10

vlan 10

nameif VLAN10

security-level 50

ip add 10.255.255.5 255.255.255.0

!

int gi0/0.20

vlan 20

nameif VLAN20

security-level 50

ip add 20.255.255.5 255.255.255.0

I have 2 PCs connected one each on one port and am not able to ping from one host machine to another

same-security-traffic permit inter/intra-interface is already there

inspect icmp is also there in default policy-map

Can anyone assist me with the problem cause?

Sheraz.Salim · ‎05-30-2023

I completely missed you are using ASAv its only defined in your Subject line. I was under-the-Impression you using a physical box. As it is ASAv.

GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/3.10 10.255.255.5 YES manual up up
GigabitEthernet0/3.20 20.255.255.5 YES manual up up

your configured GiagbitEthernet 0/3 with sub-Interfaces. I think the issue is with your vswitch presentation. check vmware-vswitch setting (what vlan/s are configured).

please do not forget to rate.

MHM Cisco World · ‎05-30-2023

mac-address auto <<- Add this command to global and reload the ASAv and check again

If you disable MAC address generation, see the following default MAC addresses:

For the ASA 5500-X series appliances—The physical interface uses the burned-in MAC address, and all subinterfaces of a physical interface use the same burned-in MAC address.
For the ASASM—All VLAN interfaces use the same MAC address, derived from the backplane MAC address.