Trunking question ASA 5510 and Catalyst 3550

eric.lessard · ‎09-19-2011

Hello!

a real newbe question.. am trying to setup a trunk between ASA5510 and a 3750G

all seems fine but cannot ping the ASA Ethernet0/1.12 from catalyst and not more from the asa to catalyst.

Am missing something but cannot find it

i have created a trunk on the catalyst:

ip routing

no ip domain-lookup

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 12

name vlan12

!

interface GigabitEthernet1/0/1

description trunk to ASA inside

switchport trunk encapsulation dot1q

switchport mode dynamic desirable

switchport trunk allowed vlan 12

!

interface GigabitEthernet1/0/7

description Port client

switchport access vlan 12

spanning-tree portfast

!

interface Vlan12

ip address 10.56.1.2 255.255.255.0

!

ip default-gateway 10.56.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 10.56.1.1

----------------------------

asa:

ASA Version 8.2(5)

!

hostname ciscoasa

!

interface Ethernet0/0

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/1

no nameif

security-level 100

no ip address

!

interface Ethernet0/1.12

vlan 12

nameif reseau_local

security-level 100

ip address 10.56.1.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 15

ip address 192.168.10.88 255.255.255.0

!

object-group network inside_network

network-object 10.56.0.0 255.255.0.0

ftp mode passive

same-security-traffic permit intra-interface

object-group network inside_network

network-object 10.56.0.0 255.255.0.0

access-list nonat_inside extended permit ip object-group inside_network any

access-list local_in extended permit icmp any any

access-list local_in extended permit ip any any

nat-control

nat (reseau_local) 0 access-list nonat_inside

access-group local_in in interface reseau_local

route reseau_local 0.0.0.0 0.0.0.0 10.56.1.4 1

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect ip-options

inspect netbios

inspect rsh

inspect icmp

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect icmp

!

service-policy global_policy global

prompt hostname context

ciscoasa#

Any Idea?