09-28-2010 12:26 PM - edited 03-11-2019 11:46 AM
Hello,
I try to configure an ASA appliance in transparent multiple context mode. My topology is like this :
Router (Gi0/0.101 10.10.10.1)
\--- (Eth0/0.101) ASA (Eth0/1.1)
\--- (Fa0/1 Trunk) Switch (Fa0/2 VLAN 1)
\--- Host (10.10.10.100)
Some information :
- Subinterface and VLAN correspond (ex. Eth0/0.101 = VLAN 101, Eth0/1.1 = VLAN 1)
- Eth0/0.101 and Eth0/1.1 are VLAN allocated to my admin context
- Admin context use 10.10.10.2 as IP address
- All interfaces are up !
I can ping 10.10.10.2 from 10.10.10.1 but I can't ping 10.10.10.100 from 10.10.10.2 or 10.10.10.1.
Do you see a problem in my topology ?
Jerome
09-29-2010 06:15 PM
Hello Jerome,
I suspect the issue is between the ASA Eth0/1.1 and your Switch Fa0/1 trunk. On the switch, usually by default vlan 1 is the native vlan and this vlan is not tagged on the switch side. However, your traffic on the ASA side will be tagged with the dot1q header. Can you try configuring the ip on the main interface of the ASA Eth0/1 instead of Eth0/1.1 and see if this makes a difference ? Or use a different vlan other than 1 between the Eth0/1.1 and the Fa0/1 on the trunk.
Hope this helps.
09-29-2010 06:58 PM
Hello,
An easier alternative is to change the native VLAN on the switch. Since ASA anyways does not understand the native VLAN concept, it should not matter.
Regards,
NT
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide