10-01-2010 02:42 AM - edited 03-11-2019 11:48 AM
Hi,
I configured 3 LAN interfaces on ASA. 2 interfaces are able to communicate to each other but at 3rd interface I am creating subinterfaces. also I can ping hosts on other VLANs from Cisco 2960. but host-host communication is not getting possible.Please suggest the solution for this
Thanks
Solved! Go to Solution.
10-01-2010 03:17 AM
For communication between interfaces, you would need to configure static NAT to itself statements:
For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:
static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
Then "clear xlate" after the above changes.
Same goes for communication to other subinterface.
Hope that helps.
10-01-2010 12:33 PM
Don't forget you will need statics both ways eg.
vlan 5 = 192.168.5.0/24
vlan 17 = 192.168.6.0/24
static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0
Jon
10-01-2010 03:17 AM
For communication between interfaces, you would need to configure static NAT to itself statements:
For example: If you are trying to communicate between INSIDE-VL5 and INSIDE-VL17 subnets:
static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
Then "clear xlate" after the above changes.
Same goes for communication to other subinterface.
Hope that helps.
10-01-2010 09:27 AM
Hi,
Thanks for the reply, but How I wil make a static NAT with the one which is already created.
for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?
Will it work or is there another way to configure it?
Thanks
10-01-2010 12:18 PM
pushpendrayadav wrote:
Hi,
Thanks for the reply, but How I wil make a static NAT with the one which is already created.
for example: if Static NAT is created between VLAN-15 and VLAN-21 then How I can make one static statement with VLAN-15 to VLAN-5 ?
Will it work or is there another way to configure it?
Thanks
It will work fine, you can have multiple static NATs eg.
static (INSIDE-VL5,INSIDE-VL17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (INSIDE-VL5,INSIDE-VL21) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
etc..
Jon
10-01-2010 12:29 PM
Thanks, It worked but still I can not ping to host connected to interface e0/3.1 from the host connected to e 0/1. but vice versa is possible
10-01-2010 12:33 PM
Don't forget you will need statics both ways eg.
vlan 5 = 192.168.5.0/24
vlan 17 = 192.168.6.0/24
static (VLAN5, VLAN 17) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (VLAN17, VLAN5) 192.168.6.0 192.168.6.0 netmask 255.255.255.0
Jon
10-01-2010 12:53 PM
Thanks
It worked for me.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide