05-26-2015 03:20 AM - last edited on 03-25-2019 04:34 PM by ciscomoderator
Dear Everyone!!
(Cisco 5512-X)
interface GigabitEthernet0/0
description Intranet
speed 100
duplex full
nameif inside
security-level 0
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.101
description NAC_DR
vlan 101
nameif nac_prod
security-level 80
ip address 21.20.20.1 255.255.255.0
!
interface GigabitEthernet0/1.201
description NAC_UAT
vlan 201
nameif nac_uat
security-level 60
ip address 22.20.20.1 255.255.255.0
-------------------------------------------------------
SWITCH (2960)
interface range FastEthernet0/1 - 12
switchport mode access
switchport access vlan 101
!
interface range FastEthernet0/13 - 23
switchport mode access
switchport access vlan 201
!
interface FastEthernet0/24
description To Firewall
switchport mode trunk
load-interval 30
speed 100
duplex full
What is the problem ?
Solved! Go to Solution.
05-26-2015 10:25 AM
> What is the problem ?
The main problem is, that you don't ask a question ... ;-)
So, which problem do you have?
05-26-2015 11:03 PM
Is it only ping that fails or also other traffic? Have you enabled icmp-inspection on the ASA?
Which addresses do you ping from which device?
05-26-2015 10:25 AM
> What is the problem ?
The main problem is, that you don't ask a question ... ;-)
So, which problem do you have?
05-26-2015 06:35 PM
Hello Karsten :)
I have to configure Inter-Vlan between ASA 5512-X with Cisco Switch 2960.
When I ping from one vlan to other vlan it not reach each other.
Best Regards,
Chhayheng
05-26-2015 11:03 PM
Is it only ping that fails or also other traffic? Have you enabled icmp-inspection on the ASA?
Which addresses do you ping from which device?
05-27-2015 12:55 AM
I already applied icmp-inspection.
I want to ping from IP 21.20.20.1 to 22.20.20.1 .
05-27-2015 01:10 AM
05-27-2015 01:25 AM
One more thing. I do research on google about InterVlan (ASA work with switch layer 2 ). Does it possible to configure inter-vlan between ASA5512-X with Layer2 Switch ?
The result:
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Result:
input-interface: nac_prod
input-status: up
input-line-status: up
Action: drop
Drop-reason: (no-route) No route to host
05-27-2015 02:22 AM
Yes, the ASA can be used for inter-vlan-routing. That's a quite common implementation.
But your packet-tracer shows that you probably used the command with wrong addresses. With directly connected interfaces, there can't be a route missing. You probably entered an address that was remote to the ASA.
05-27-2015 06:19 PM
I already fixed it by some question
First: ACL
Second: If the same security level (Allow the same-security)
Best Regards,
Chhhayheng
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
> I want to ping from IP 21.20.20.1 to 22.20.20.1 .
These are the addresses of your ASA. Ping from a system in the connected LAN to a system on the other LAN.
And do a packet-tracer to see what the ASA would do with the traffic. Perhaps it's missing/wrong access-control or NAT: