Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2061
Views
0
Helpful
2
Replies

Routing between 2 vlans on an ASA 5510 version 8.4

timjeens1
Level 1
Level 1

‎04-10-2014 01:53 AM - edited ‎03-07-2019 07:02 PM

Hi There,

I am having issues configuring routing between 2 Vlans on the same ASA.

I have 2 subinterfaces configured on 2 different subnets and 2 different Vlans, and with the same security level.

#inside Vlan: inside connection
interface Ethernet0/1.1
vlan 10
nameif inside
security-level 100
ip address  192.168.0.1 255.255.255.0
no shutdown
exit

#New Inside Vlan: inside connection
interface Ethernet0/1.3
vlan 11
nameif NewInside
security-level 100
ip address  10.80.80.1 255.255.254.0
no shutdown
exit

 

I have 2 objects associated with these:

object network New-Inside-network
subnet 10.80.80.0 255.255.254.0
nat (NewInside,outside) dynamic x.x.x.x

object network inside-network
subnet 192.168.0.0 255.255.255.0
nat (inside,outside) dynamic x.x.x.x

 

 

I have both of these enabled:


same-security-traffic permit intra-interface
same-security-traffic permit inter-interface

 

 

 

I am not sure what else I am missing?

The "inside" network is the current configuration and I am trying to add another subnet to the network in another Vlan (NewInside) and trying to get them communicating.

All the switches have the new vlan added to their trunks.

I cannot ping to either the new gateway (10.80.80.1) or a host i have temporarily added to the new network (10.80.80.16) from my current network.

Any help will be greatly appreciated, please ask if you need more info.

Thanks,

-Tim

 

Labels:
0 Helpful
2 Replies 2

Vasilii Mikhailovskii
Level 7
Level 7

‎04-11-2014 06:01 AM

Hello.

could you share the configuration of the port, connected to the ASA? and "show int tru".

Please check "sh int ip br" and arp cache on the ASA.

0 Helpful

timjeens1
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎04-11-2014 07:17 AM

Hi Vasilii,

The config of the port connected to the asa is:

interface GigabitEthernet1/0/26
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 macro description cisco-switch
 auto qos trust
 spanning-tree link-type point-to-point

 

 

Show Interface Trunk:

Port        Mode             Encapsulation  Status        Native vlan

Gi1/0/26    on               802.1q         trunking      1

 

Port        Vlans allowed on trunk

Gi1/0/26    1-4094

 

In this output I did notice that the new VLAN was not present under:

Vlans allowed and active in management domain

I have set it to active now, using:

IPSW-L2-E2EHW2#conf t
IPSW-L2-E2EHW2(config)#vlan 4
IPSW-L2-E2EHW2(config-vlan)#state active

I can now communicate with the gateway across the network, in that subnet and vlan.

 

I just now need to get communication across vlans (Ping vlan 2 from vlan 3 and vice versa)

Now I am not sure whether this is an Access List job or a Route?  Either way not sure what to do.

Thanks,

-Tim

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card