07-10-2008 01:30 PM - edited 03-06-2019 12:07 AM
Hi,
I have an ASA5510 with the SecPlus license.
Currently physical interfaces 0/0 and 0/1 are in use:
0/0 outside
0/1 inside
I have now enabled the 0/2 interface and I am trying to test creation and use of VLANs on that interface. Hence I created a subinterface 0/2.7, which I called testvlan.
What I would like to do is enable traffic between 0/1 and 0/2.7.
I would also like 0/2.7 to be able to access the internet through the 0/0 (outside) interface.
I have tried various things and I can only get one of those two things to work. I can either talk between 0/1 and 0/2.7 and can't access the internet from 0/2.7 (it appears because there is no NAT for testvlan and outside)
or
I can access the internet from 0/2.7 but only by IP (DNS resolution fails because the DNS server is on the 0/1 network) and I cannot talk between 0/1 and 0/2.7.
Any help as far as the proper configuration is concerned would be very appreciated.
Thanks
07-10-2008 01:35 PM
Show the configuration...
07-10-2008 01:38 PM
This lets me talk between 0/1 and 0/2.7, but with this I cannot get to the internet. If I do a packet trace, there is no rule that blocks the traffic (according to the ASDM), but there is also no NAT rule that is used in the trace.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,testvlan) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
If I add this:
nat (testvlan) 1 0.0.0.0 0.0.0.0
then nothing flows between 0/1 and 0/2.7, but I can go out to the internet by IP only.
This is also enabled:
same-security-traffic permit inter-interface
Both interfaces are configured at level 100.
07-10-2008 01:54 PM
Was that enough info?
Thanks