Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1099
Views
0
Helpful
5
Replies

Routing between two sub interfaces on ASA 5520

Go to solution
mkennedy
Level 1
Level 1

‎10-16-2012 06:00 PM - edited ‎03-11-2019 05:10 PM

I have two virtual interfaces on my ASA 5520:

GigabitEthernet0/1.338     172.30.0.81/28

GigabitEthernet0/1.345     172.30.0.129/28

I have the security levels for both set to 50 and in the ASDM I have checked off "Enable traffic between two or more interfaces which are configured with same security levels"

But now the need has arisen that we allow each subnet to be routable to each other for SMTP traffic, how can I accomplish this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to mkennedy

‎10-16-2012 10:29 PM

here we go:

static (primero,SilverWheaton) 172.30.0.80 172.30.0.80 netmask 255.255.255.240

Then just a "clear xlate" if you have no ACL applied to both interfaces.

Otherwise, if you have ACL applied to the interfaces, you would need to explicitly allow access between the subnet.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-16-2012 08:46 PM

You can configure it the same way as any of your other physical interfaces.

In the configuration, just reference the name of that particular sub interface

0 Helpful

Go to solution
mkennedy
Level 1
Level 1
In response to Jennifer Halim

‎10-16-2012 10:06 PM

Am I adding a static route in Device Setup > Routing > Static Routes?  Or am I creating ACLs between the two interfaces?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to mkennedy

‎10-16-2012 10:10 PM

NAT exemption between the interfaces.

Let me know the security level and name of each interface, and I'll help you configure it. ALso what version of ASA are you running?

Plus, "show run access-group" output would help too.

0 Helpful

Go to solution
mkennedy
Level 1
Level 1
In response to Jennifer Halim

‎10-16-2012 10:23 PM

ASA version is 8.2(3)

Interface:  GigabitEthernet0/1.338

Network:  172.30.0.81/28

Security Level: 50

Name:  primero

GigabitEthernet0/1.345    

Network: 172.30.0.129/29

Security level:  50

Name:  SilverWheaton

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to mkennedy

‎10-16-2012 10:29 PM

here we go:

static (primero,SilverWheaton) 172.30.0.80 172.30.0.80 netmask 255.255.255.240

Then just a "clear xlate" if you have no ACL applied to both interfaces.

Otherwise, if you have ACL applied to the interfaces, you would need to explicitly allow access between the subnet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card