09-02-2016 06:38 AM - edited 03-12-2019 01:13 AM
Hi ,
I am trying to configure vlan in asa but I didn't getting ping from my remote host.Can any body help me to proper configuration of vlan and SVI so that we can user the SVI interface as gateway in across vlan.I am getting TRO from remote PC.
Here are the configuration
interface GigabitEthernet0
nameif inside
security-level 100
no ip address
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0
ciscoasa# ping vlan100 172.16.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.2, timeout is 2 seconds:
?????
Regards
Debabrata
09-02-2016 06:47 AM
Hi
Could you just paste a copy of your design and switch configuration (port facing the ASA g0 interface)?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
09-02-2016 07:16 AM
09-02-2016 07:24 AM
Hi
172.16.100.2 is your switch? When you do ping 172.16.100.2 from ASA isn't working.
What about from the switch when you ping 172.16.100.1?
On the device hosting 172.16.100.2, could you do a debug ip icmp to ensure that packets are arriving from ASA?
If IP 172.16.100.2 isn't the switch, who's host this IP? Are you sure the vlan 100 is set everywhere?
09-02-2016 07:34 AM
172.16.100.2 is a host IP and it is connected through switch.Switch port has been configured with vlan 100.2 system are able to ping in this swithc in 100 vlan.
Configuration already share in earlier post
Can you tell me the conifiguration of ASA is wight ?
interface GigabitEthernet0
no nameif
no ip address
no shut
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0
no shut
!
09-02-2016 07:46 AM
Yes the configuration of ASA for interfaces is correct.
Do you have some acl on this interface? Could you, just for testing, create a rule allowing everything and apply to it?
Thanks
09-02-2016 08:18 AM
Hi,
One concern
I have configured in the switch
1) VTP mode server
2)VTP domain ABC
3)vlan 100 name vlan100
4)Connected interface with ASA is configured DOT1Q trunk
ALL are the right in switch level or I have to do any thing else
09-02-2016 08:26 AM
VTP could be transparent or server, ASA doesn't matter.
You just have to create your vlan and configure the interface facing asa as trunk.
On your switch, you have an IP on this vlan 100, could you run a debug ip icmp and try to ping this switch from your ASA.
Thanks
09-02-2016 08:39 AM
HI,
Packet is not cumming from ASA because Not showing any icmp packet in switch
through debug
09-02-2016 10:07 AM
Packet not coming when you ping the switch? Is the switch the default gateway?
Could you paste your ASA config?
09-02-2016 07:48 AM
Hi,
The configuration is now correct on the ASA. You can refer the belwo document if you have further concern with configuring sub interfaces on ASA.
http://www.petenetlive.com/KB/Article/0001085
You need to verify now on the switch that packet flow is fine over them or not. You can verify the same by debug icmp command.
Regards
Pradyumna
09-02-2016 07:24 AM
09-02-2016 06:57 AM
Hi,
The configuration doesn't seems to be correct, you have configured the physical interface as well on the ASA. Please configure like below.
interface GigabitEthernet0
no nameif
no ip address
no shut
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0
no shut
!
Regards,
Pradyumna
09-02-2016 07:10 AM
FastEthernet1/0 is connected to ASA
interface FastEthernet1/0
switchport mode trunk
!
interface FastEthernet1/1
switchport access vlan 100
!
interface FastEthernet1/2
switchport access vlan 100
SW1(vlan)#sh cur
SW1(vlan)#sh current
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003
VLAN ISL Id: 100
Name: VLAN0100
Media Type: Ethernet
VLAN 802.10 Id: 100100
State: Operational
MTU: 1500
VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Bridge Type: SRB
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1003
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide