09-23-2011 06:26 AM - edited 03-11-2019 02:29 PM
I implemented an ASA5505 on an access switch on a network with a single data VLAN 1. When I put the device online, none of my ACLs were being matched. I was wondering if someone could look at my configuration and let me know if I'm missing something.
Thank you in advance.
09-24-2011 06:30 PM
The ASA firewall is configured with VLAN 2 and VLAN 3, and if your devices are all in VLAN 1, the traffic will never pass through the firewall, hence will not be protected by the ASA firewall.
To restrict traffic between hosts, you would need to assign the hosts to different VLANs, i.e. VLAN 2 and VLAN 3 as per your ASA config, so the traffic actually goes through the firewall and will get protected by the ACL that you configure on the ASA.
09-26-2011 06:22 AM
Thanks Jennifer. Since this is a flat VLAN1 network, do you know if it's possible to place both the inside and outside interfaces on the ASA in VLAN1?
09-28-2011 02:59 AM
No, you can't place them in the same VLAN because that will not force the traffic to go through the ASA. You can only force the traffic to go through if the hosts are in different VLANs, and only traffic between different VLANs will be forced through the ASA. Otherwise, traffic will just be forwarded directly to the destination host if they are in the same VLAN.
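The two answers above make the same point: the ASA only sees (and only applies ACLs to) traffic that must cross from one VLAN to another, so hosts that should be separated by the firewall have to sit in different VLANs with the ASA as their gateway. The configuration below is an added illustration of that layout, not the original poster's config and not from the thread. Hostnames, port numbers, subnets (10.0.2.0/24 as inside, 10.0.3.0/24 as outside) and the web server address 10.0.3.10 are assumptions chosen for the example.

```cisco
! ---- Access switch (IOS), constructed example ----
! Hosts are moved out of VLAN 1 into VLAN 2 or VLAN 3.
! One switch port per VLAN uplinks to the ASA 5505, so no trunk
! is needed (the 5505 Base license does not support trunk ports).
vlan 2
 name inside
vlan 3
 name outside
!
interface GigabitEthernet0/10
 description protected host
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/11
 description web server 10.0.3.10
 switchport mode access
 switchport access vlan 3
!
interface GigabitEthernet0/1
 description uplink to ASA Eth0/1 (VLAN 2)
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/2
 description uplink to ASA Eth0/0 (VLAN 3)
 switchport mode access
 switchport access vlan 3

! ---- ASA 5505, constructed example ----
! Each VLAN gets an SVI; the hosts use that SVI as their default
! gateway, which is what forces inter-VLAN traffic through the ASA.
interface Ethernet0/0
 switchport access vlan 3
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Vlan2
 nameif inside
 security-level 100
 ip address 10.0.2.1 255.255.255.0
!
interface Vlan3
 nameif outside
 security-level 0
 ip address 10.0.3.1 255.255.255.0
!
! Only HTTPS from the inside subnet to the assumed web server is allowed.
! Once an ACL is bound to an interface, the default "higher to lower
! security level is permitted" behaviour no longer applies: everything
! not matched is dropped by the implicit deny, logged here for visibility.
access-list inside_in extended permit tcp 10.0.2.0 255.255.255.0 host 10.0.3.10 eq 443
access-list inside_in extended deny ip any any log
access-group inside_in in interface inside
```

To confirm the traffic is actually traversing the firewall, generate a connection from a VLAN 2 host and watch the hit counts with `show access-list inside_in`; `packet-tracer input inside tcp 10.0.2.20 12345 10.0.3.10 443` shows the same decision without a real client. Two hosts that both sit in VLAN 2 still reach each other through the switch alone and never hit this ACL, which is exactly the behaviour described in the replies above.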