Cisco ASA 5506 can reach ISP router, but not through SG220-50

Patrick Jonsson · ‎09-14-2015

Hi,

I encountered a weird problem today with the SG220-50 switch.

Gi1 is configured as a trunk, allowing all VLANs. It is connected to Gi0/1 on a ASA 5506 with subinterfaces (Gi0/1.8 for Internet and Gi0/10 for the local office, among others). The ASA is default gateway for the internal networks "office" and "guest".

Gi5 is configured to be a member of VLAN 8. The ISP router is attached to this port.

Gi13-48 is configured to be a member of VLAN 10 (office).

The problem: Client traffic (VLAN 10) can reach the default gateway at Gi0/1.10 but not the Internet. Not even the ASA can reach the Internet (8.8.8.8 for example).

I then deleted Gi0/1.8 and configured Gi0/4 for with the public IP address instead and connected it to Gi6 on the SG220-50 and changed VLAN membership to VLAN 8 on that port aswell. Still no connection from the ASA to Internet. But when disconnecting the ASA and ISP router from the SG220-50 and connecting them to a separate unmanaged switch, then it worked just fine!

I also tried to replace just the ASA or the ISP router at the SG220-50 with a PC, configuring the PC with the IP of the ISP router or the ASA. Communication between worked fine in both cases.

I've attached an edited version of the running-config of the switch.

Router-support · ‎09-14-2015

Call 1-855-935-7526 US & Canada Toll-Free For Router Help & Support.

Official help and support Number for Routers. Links to Router customer support and technical solutions, set-up, help, and answers to top issues.