I also have the same issue

JiaJunGoh · ‎04-23-2015

Hi, Currently i have a network where there is ASA5525 , cisco1941, and a 3750 switch, which all the routing, DHCP, NAT will all be in ASA5525, 3750 only act as a layer 2, I have VLAN 10, 20, 30 and 50, How to i achieve intervlan routing between 10 ,20 and 50 on ASA5525 ?

Does any experts can point me which things or solution for this ? thanks

No Ni · ‎04-28-2015

Config Template:

interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.10
vlan 10
nameif VLAN10
security-level <Choose you desired security level>
ip address <VLAN 10 Subnet IP ADDRESS>
!
interface GigabitEthernet0/1.20
vlan 20
nameif VLAN20
security-level <Choose you desired security level>
ip address <VLAN 20 Subnet IP ADDRESS>

interface GigabitEthernet0/1.50
vlan 50
nameif VLAN50
security-level <Choose you desired security level>
ip address <VLAN 50 Subnet IP ADDRESS>

shrekminator · ‎04-24-2016

I also have the same issue with the ASA5525. I've seen articles that ask to the the following:

int gi0/0.10

vlan 10

nameif VLAN10

security level 100

ip address 192.168.10.0 255.255.255.0

int gi0/0.20

vlan 20

nameif VLAN20

security level 100

ip address 192.168.20.0 255.255.255.0

nat (VLAN10) 10 192.168.10.0 255.255.255.0

nat (VLAN20) 20 192.168.10.0 255.255.255.0

same security traffic permit inter-interface

same security traffic permit intra-interface

I was stuck on the "nat" command, the firewall gave me an error saying the command was deprecated, it looks like the command will only work on the 5505.

Does anyone have any suggestions, I'm trying to have the subinterfaces on the ASA5525 and have a trunk from ASA5525 to a Cisco switch.

Pawan Raut · ‎04-25-2016

if you are not running on latest platform and you have issue for nat command could you please try the command

static (vlan10) <IP address>

Intervlan Routing in ASA5525