Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
2
Replies

Two vinternal segments on asa

keynet
Level 1
Level 1

‎10-07-2008 04:28 AM - edited ‎02-21-2020 03:02 AM

Hello

If I configure a second internal segment on a asa 5505, the outsite connection stops. Both the old segment (Van1) and the new segment (vlan12) don't work.

Attached you will fid the configuration. Does anyone know whats is the problem?

Regards

Pascal

ASA Version 8.0(4)

!

hostname

domain-name

encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 172.20.62.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.240

!

interface Vlan12

nameif Test

security-level 50

ip address 172.20.63.1 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

switchport trunk allowed vlan 1,12

switchport trunk native vlan 1

switchport mode trunk

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

domain-name

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu Test 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400

global (outside) 101 interface

nat (inside) 101 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 172.20.62.30 255.255.255.255 inside

http 172.20.0.0 255.255.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:e33acd785a904d3dda7bdf5a2c573b16

: end

0 Helpful
2 Replies 2

dominic.caron
Level 5
Level 5

‎10-07-2008 04:59 AM

It looks ok,

Do you have the "Base" or the "security plus" license? Trunking is not supported on the base license.

0 Helpful

keynet
Level 1
Level 1
In response to dominic.caron

‎10-07-2008 08:57 AM

I have the plus license.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card