cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

806
Views
0
Helpful
5
Replies
mkennedy
Beginner

Routing between two sub interfaces on ASA 5520

I have two virtual interfaces on my ASA 5520:

GigabitEthernet0/1.338     172.30.0.81/28

GigabitEthernet0/1.345     172.30.0.129/28

I have the security levels for both set to 50 and in the ASDM I have checked off "Enable traffic between two or more interfaces which are configured with same security levels"

But now the need has arisen that we allow each subnet to be routable to each other for SMTP traffic, how can I accomplish this?

1 ACCEPTED SOLUTION

Accepted Solutions

here we go:

static (primero,SilverWheaton) 172.30.0.80 172.30.0.80 netmask 255.255.255.240

Then just a "clear xlate" if you have no ACL applied to both interfaces.

Otherwise, if you have ACL applied to the interfaces, you would need to explicitly allow access between the subnet.

View solution in original post

5 REPLIES 5
Jennifer Halim
Cisco Employee

You can configure it the same way as any of your other physical interfaces.

In the configuration, just reference the name of that particular sub interface

Am I adding a static route in Device Setup > Routing > Static Routes?  Or am I creating ACLs between the two interfaces?

NAT exemption between the interfaces.

Let me know the security level and name of each interface, and I'll help you configure it. ALso what version of ASA are you running?

Plus, "show run access-group" output would help too.

ASA version is 8.2(3)

Interface:  GigabitEthernet0/1.338

Network:  172.30.0.81/28

Security Level: 50

Name:  primero

GigabitEthernet0/1.345    

Network: 172.30.0.129/29

Security level:  50

Name:  SilverWheaton

here we go:

static (primero,SilverWheaton) 172.30.0.80 172.30.0.80 netmask 255.255.255.240

Then just a "clear xlate" if you have no ACL applied to both interfaces.

Otherwise, if you have ACL applied to the interfaces, you would need to explicitly allow access between the subnet.

View solution in original post

Content for Community-Ad