Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
750
Views
0
Helpful
5
Replies

LAN issues whenever ASA 5580-40 FW is connected to VLAN ports

o.oresotu
Level 1
Level 1

‎06-15-2009 10:32 PM - edited ‎03-06-2019 06:16 AM

Hi,

I was trying to segment my internal server networks with Cisco ASA 5580-40 FW. The different servers were segmented into different vlans and works fine without the FW. However, whenever the FW DMZs are connected to ports associated to the different vlans some servers on same LAN stops communicating at Application level. When all the other vlans are shutdown leaving only the vlans where servers that are having issues resides, everything resumes work normally.

Don't know what issues are with the LAN. Could someone advise what could be going on here?

Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-15-2009 11:02 PM

Hello Olensegun,

you may want to post this in the security/firewalling forum where you can get better help.

My first impression is that you can face a license limits issue because you say that :

>> When all the other vlans are shutdown leaving only the vlans where servers that are having issues resides, everything resumes work normally.

Or there is some form of conflict in the configuration

Hope to help

Giuseppe

0 Helpful

o.oresotu
Level 1
Level 1
In response to Giuseppe Larosa

‎06-16-2009 02:29 AM

Hi guisiar,

Thanks. I strongly feels it's a LAN issues. Traffic were not initially passing through the FW. The firewall DMZ were connected to the respective Vlan of the servers in the various subnets. Could this stop server comminatyion at application level?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to o.oresotu

‎06-16-2009 03:39 AM

Hello Olusegun,

it is diffcult to say something without more details.

the ASA being a FW can be blocking some servers/subnets or for a configuration issue or for some limitations (like the max number of vlans on the trunk if the link to the ASA is a L2 trunk)

Hope to help

Giuseppe

0 Helpful

o.oresotu
Level 1
Level 1
In response to Giuseppe Larosa

‎06-16-2009 05:03 AM

Hi giustar,

Thank you for your response. I actually have some of the interfaces of the FW DMZ configured as sub-interfaces (whc is L2) while the corresponding port it is connecting to on the switch is a trunk port carrying all Vlans. Do you think configuring vlan pruning on the switch will help?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to o.oresotu

‎06-16-2009 11:58 PM

Hello Olusegun,

I don't think this can solve but it helps.

However, defining on the switch side the set of allowed vlans with

switchport trunk allowed vlan

is something that makes the scenario more clean.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card