07-07-2009 10:44 AM - edited 03-06-2019 06:37 AM
Hello Everyone,
I am getting confilcting information and thought I would turn to you all. On a network with 10 vlans and an ASA510 V. 8.1 being used for inter-vlan routing this is what it seems I need to do.
1) Create 10 subinterfaces on the insided interface
2) Use the subinterfaces as the default gateway for each VLN
3)Allow 8021.q trunking on the the inside interface.
4) Create static routes on teh ASA from each VLAN to the other so that there are a total of 100 statics routes.
Should inter-lan routing be working at this point?
Thanks in advance! All replies rated.
07-07-2009 10:50 AM
Step 4 is not needed. You will also need to permit traffic between each interface. There are a number of ways to do that depending on your security policy.
07-07-2009 11:01 AM
like collin said, step 4 is not needed.
is nat-control enabled? what is the security level of each interface? are there any nat rules in place?
have you allowed inter-interface communication as previously suggested?
same-security-traffic permit inter-interface
are there any acl's on any inside interfaces?
we really need to see your config to see what the problems might be.
07-07-2009 11:14 AM
07-07-2009 01:19 PM
Here's a link on NAT-Control. Basically this turns off NAT between your internal subnets and "routes" the traffic.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml
In case you need config example for the sub-interfaces-
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide