09-12-2014 01:40 AM - edited 03-11-2019 09:44 PM
Hi Everybody
I am new to ASA. We have an ASA 5505 with a Security Plus license. Please see the attachment for the configuration. What I am trying to do is route from interface (Vlan 1 - 10.0.0.0 inside) to Internal_LAN (vlan 3 - 20.0.0.0) and vice versa.
From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.
I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface"
I would be thankful for any support.
Thanks!
09-12-2014 02:51 AM
Use the packet tracer command, which will show you what's stopping them from communicating.
09-12-2014 05:35 AM
Try to execute the below command:
no same-security-traffic permit inter-interface
09-15-2014 11:48 PM
09-16-2014 01:28 AM
The following command is your problem:
nat-control
Remove this command... or... create NAT rules for traffic between the inside interface and AP interface.
This command is no longer in use in the newer versions of ASA. Originally it was placed in the configuration as an extra security measure, but I suppose it was found that it wasn't really needed so it was removed completely as of ASA 8.4.
So just issue the command:
no nat-control
and then test and let us know.
--
Please remember to select a correct answer and rate helpful posts
09-16-2014 01:29 AM
Also do not remove the same-security-traffic permit inter-interface command. This is needed to allow traffic between interfaces that have the same security level.
--
Please remember to select a correct answer and rate helpful posts
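Added example, not part of the thread and not the poster's attached configuration: a small Python check that reads a pre-8.3 ASA configuration and reports the two conditions discussed above (same-security interfaces without `same-security-traffic permit inter-interface`, and `nat-control` enabled with no `nat (ifname) 0` exemption on those interfaces). The sample configuration is constructed; the Vlan2/outside interface, the `global`/`nat` lines and the 255.255.255.0 masks are assumptions, and the check is a simplified heuristic that ignores `static` rules and ACL contents.

```python
import re

# Constructed pre-8.3 ASA config fragment (NOT the poster's attachment).
# Interface names are from the post; outside, nat/global and masks are assumed.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif Internal_LAN
 security-level 100
same-security-traffic permit inter-interface
nat-control
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
nat (Internal_LAN) 1 20.0.0.0 255.255.255.0
"""

def audit(config):
    """Return findings that can block traffic between same-security interfaces."""
    lines = [l.strip() for l in config.splitlines()]
    levels, nameif = {}, None
    for l in lines:
        if l.startswith("interface "):
            nameif = None                      # new interface block starts
        elif l.startswith("nameif "):
            nameif = l.split()[1]
        elif l.startswith("security-level ") and nameif:
            levels[nameif] = int(l.split()[1])
    by_level = {}
    for name, lvl in levels.items():
        by_level.setdefault(lvl, []).append(name)
    peers = sorted(n for names in by_level.values() if len(names) > 1 for n in names)
    findings = []
    if peers and "same-security-traffic permit inter-interface" not in lines:
        findings.append("missing same-security-traffic permit inter-interface")
    if "nat-control" in lines:                 # exact match, so "no nat-control" is skipped
        exempt = {m.group(1) for l in lines
                  if (m := re.match(r"nat \((\S+)\) 0 ", l))}
        for name in peers:
            if name not in exempt:
                findings.append(f"nat-control on, no nat 0 exemption for {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```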