Hi, I am trying to connect N5k (layer-3) and ASA, there is a requirement where some of the security-sensitive vlans have their layer-3 on the ASA and for those vlans who are less-sensitive have their svis on the N5k. I am doing a POC in my lab gear first. The n5k and the ASA are connected by 1 physical link having sub-interfaces on both the ends. There is a sub-int with vlan 10 (10.1.1.0/30) on both sides and the ASA injects a default-route to the N5k over this. so in case a non-secure vlan needs to talks to a secure-vlan it goes through via this path. My issue is that, if i create a sub-intf on the ASA, give it a vlan tag of 20, and on my N5k i add a port in that same vlan, i cannot ping my GW (ASA) from the laptop. I have also created a similar sub-int on the N5k side as well with tag 20, BUT still does not work.
Cisco Workload Optimization Manager (CWOM)
Continuously Assure Application Performance at Any Scale
Webinar: Wednesday, October 23rd at 11am ET
Today’s applications utilize traditional virtualization platforms as well as newer DevOps meth...
To participate in this event, please use the button to ask your questions
This special event - formerly known as Ask the Expert- is open only to Cisco Customers and Partners.
Many pages in the Cisco Community are acce...