Packet not coming when you

Debabrata Majhi · ‎09-02-2016

Hi ,

I am trying to configure vlan in asa but I didn't getting ping from my remote host.Can any body help me to proper configuration of vlan and SVI so that we can user the SVI interface as gateway in across vlan.I am getting TRO from remote PC.

Here are the configuration

interface GigabitEthernet0
nameif inside
security-level 100
no ip address
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0

ciscoasa# ping vlan100 172.16.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.2, timeout is 2 seconds:
?????

Regards

Debabrata

Francesco Molino · ‎09-02-2016

Hi

Could you just paste a copy of your design and switch configuration (port facing the ASA g0 interface)?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Debabrata Majhi · ‎09-02-2016

I have configured

but no result

Francesco Molino · ‎09-02-2016

Hi

172.16.100.2 is your switch? When you do ping 172.16.100.2 from ASA isn't working.

What about from the switch when you ping 172.16.100.1?

On the device hosting 172.16.100.2, could you do a debug ip icmp to ensure that packets are arriving from ASA?

If IP 172.16.100.2 isn't the switch, who's host this IP? Are you sure the vlan 100 is set everywhere?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Debabrata Majhi · ‎09-02-2016

172.16.100.2 is a host IP and it is connected through switch.Switch port has been configured with vlan 100.2 system are able to ping in this swithc in 100 vlan.

Configuration already share in earlier post

Can you tell me the conifiguration of ASA is wight ?

interface GigabitEthernet0
no nameif
no ip address
no shut
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0
no shut
!

Francesco Molino · ‎09-02-2016

Yes the configuration of ASA for interfaces is correct.

Do you have some acl on this interface? Could you, just for testing, create a rule allowing everything and apply to it?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Debabrata Majhi · ‎09-02-2016

Hi,

One concern

I have configured in the switch

1) VTP mode server

2)VTP domain ABC

3)vlan 100 name vlan100

4)Connected interface with ASA is configured DOT1Q trunk

ALL are the right in switch level or I have to do any thing else

Francesco Molino · ‎09-02-2016

VTP could be transparent or server, ASA doesn't matter.

You just have to create your vlan and configure the interface facing asa as trunk.

On your switch, you have an IP on this vlan 100, could you run a debug ip icmp and try to ping this switch from your ASA.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Debabrata Majhi · ‎09-02-2016

HI,

Packet is not cumming from ASA because Not showing any icmp packet in switch

through debug

Francesco Molino · ‎09-02-2016

Packet not coming when you ping the switch? Is the switch the default gateway?

Could you paste your ASA config?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

pradypan · ‎09-02-2016

Hi,

The configuration is now correct on the ASA. You can refer the belwo document if you have further concern with configuring sub interfaces on ASA.

http://www.petenetlive.com/KB/Article/0001085

You need to verify now on the switch that packet flow is fine over them or not. You can verify the same by debug icmp command.

Regards
Pradyumna

Debabrata Majhi · ‎09-02-2016

Hi

Please find the attached

Debabrata

pradypan · ‎09-02-2016

Hi,

The configuration doesn't seems to be correct, you have configured the physical interface as well on the ASA. Please configure like below.

interface GigabitEthernet0
no nameif
no ip address
no shut
!
interface GigabitEthernet0.100
vlan 100
nameif vlan100
security-level 100
ip address 172.16.100.1 255.255.255.0
no shut
!

Regards,
Pradyumna

Debabrata Majhi · ‎09-02-2016

FastEthernet1/0 is connected to ASA

interface FastEthernet1/0
switchport mode trunk
!
interface FastEthernet1/1
switchport access vlan 100
!
interface FastEthernet1/2
switchport access vlan 100

SW1(vlan)#sh cur
SW1(vlan)#sh current
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003

VLAN ISL Id: 100
Name: VLAN0100
Media Type: Ethernet
VLAN 802.10 Id: 100100
State: Operational
MTU: 1500

VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Bridge Type: SRB
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1003

vlan configuration in Cisco ASA