03-13-2019 11:22 AM
Hi,
I have a strange problem. My 5506-X is connected to the Internet via the outside interface and connected to a 2960-X switch. On the switch I configured 3 VLANs (SVIs). One (vlan 1) connects the ASA inside-int, and vlan 10 and 20 are used for end-systems. All works fine, each can reach each other.
Internet ----- outside int ASA -inside --- vlan 1 --------- SVI 2960-x ---- vlan 10 ----- host
backup-int----| |-------vlan 20 ----- host
|
LTE-Router-------------|
Now I add a mobile backup via LTE router via SLA monitoring.
Strange thing now: after disconnecting the Internet router interface, the ASA inserted the backup as configured. I can ping the Internet from the ASA and from the switch (can switch back and forth between both connections, all is fine), but as long as the LTE backup is up my host systems on vlan 10 and 20 cannot ping the Internet (from the hosts I can reach the inside int of the ASA, but then it ends).
Any ideas what happens? I enclosed my configs as attachments.
Many thx in advance
Peter
03-13-2019 11:26 AM
Your backup router does not have routes for the vlan 10 and 20 IP subnets so it does not know how to send the return traffic.
Jon
03-14-2019 09:36 AM
Hi,
thx for that hint, the LTE router is branded with no access to expert mode. Think I will change the box.
Peter
03-14-2019 12:30 PM
The other option would be to NAT the inside subnets to the interface IP on the ASA that connects to the router so it would then know how to return the traffic.
Just another option.
Jon
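The NAT option described in the post above could look like the following on the ASA. This is an added example, not configuration from the thread or its attachments: the interface name `backup`, the object names, the two /24 subnets and the test addresses are all assumed placeholders.

```cisco
! Constructed example. Assumptions (not from the thread's attached configs):
!   - the LTE-facing interface has nameif "backup"
!   - vlan 10 = 192.168.10.0/24, vlan 20 = 192.168.20.0/24
!   - 192.168.10.50 is a test host, 198.51.100.1 is a test destination
!
! Separate objects are used because an object can carry only one
! object-NAT rule, and the same subnets may already be translated
! towards "outside" under other objects.
object network VLAN10-VIA-BACKUP
 subnet 192.168.10.0 255.255.255.0
 nat (inside,backup) dynamic interface
object network VLAN20-VIA-BACKUP
 subnet 192.168.20.0 255.255.255.0
 nat (inside,backup) dynamic interface
!
! With PAT to the backup interface address, the LTE router only ever
! sees a source on its directly connected subnet, so it needs no routes
! back to vlan 10 and 20.
!
! Checks while the backup path is active:
show route
show nat detail
show xlate
packet-tracer input inside icmp 192.168.10.50 8 0 198.51.100.1 detailed
```

In the `packet-tracer` output, the NAT phase should show the host address translated to the backup interface address and the result should be `ALLOW` with `backup` as the output interface.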
03-17-2019 08:43 AM
03-17-2019 08:41 AM
Hi Jon,
changed the box and now it works fine. Thx
kind regards
Peter