I am having issues configuring routing between 2 Vlans on the same ASA.
I have 2 subinterfaces configured on 2 different subnets and 2 different Vlans, and with the same security level.
#inside Vlan: inside connection
ip address 192.168.0.1 255.255.255.0
#New Inside Vlan: inside connection
ip address 10.80.80.1 255.255.254.0
I have 2 objects associated with these:
object network New-Inside-network
subnet 10.80.80.0 255.255.254.0
nat (NewInside,outside) dynamic x.x.x.x
object network inside-network
subnet 192.168.0.0 255.255.255.0
nat (inside,outside) dynamic x.x.x.x
I have both of these enabled:
same-security-traffic permit intra-interface
same-security-traffic permit inter-interface
I am not sure what else I am missing?
The "inside" network is the current configuration and I am trying to add another subnet to the network in another Vlan (NewInside) and trying to get them communicating.
All the switches have the new vlan added to their trunks.
I cannot ping to either the new gateway (10.80.80.1) or a host I have temporarily added to the new network (10.80.80.16) from my current network.
Any help will be greatly appreciated, please ask if you need more info.
Could you share the configuration of the port connected to the ASA, and "show int tru"?
Please check "sh int ip br" and arp cache on the ASA.
The config of the port connected to the asa is:
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
mls qos trust cos
macro description cisco-switch
auto qos trust
spanning-tree link-type point-to-point
Show Interface Trunk:
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/26    on               802.1q         trunking      1
Port Vlans allowed on trunk
In this output I did notice that the new VLAN was not present under:
Vlans allowed and active in management domain
I have set it to active now, using:
IPSW-L2-E2EHW2#conf t
IPSW-L2-E2EHW2(config)#vlan 4
IPSW-L2-E2EHW2(config-vlan)#state active
I can now communicate with the gateway across the network, in that subnet and vlan.
I just now need to get communication across VLANs (ping vlan 2 from vlan 3 and vice versa).
Now I am not sure whether this is an Access List job or a Route? Either way not sure what to do.
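
The trunk check described in the post above (a VLAN allowed on the trunk but absent from "Vlans allowed and active in management domain") can be scripted. The following is an added example, not part of the original thread: the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed `show interfaces trunk` sample (not from the thread); VLAN 4 is allowed but not active.
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/26    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/26    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/26    1-3,10

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/26    1-3,10
"""

def expand(vlan_list):
    """Turn '1-3,10' into {1, 2, 3, 10}; 'none' becomes an empty set."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output):
    """Return {section title: {port: set of VLAN ids}} for each 'Vlans ...' section."""
    sections, current, port = {}, None, None
    for line in output.splitlines():
        header = re.match(r"Port\s+(\S.*)$", line)
        if header:
            title = header.group(1).strip()
            current, port = (sections.setdefault(title, {}) if title.startswith("Vlans") else None), None
        elif current is not None and line.strip():
            if line[0].isspace() and port:       # wrapped VLAN list continues the previous port
                current[port] |= expand(line)
            else:
                port, _, vlans = line.partition(" ")
                current[port] = expand(vlans)
    return sections

def missing_sections(output, port, vlan):
    """List the sections in which `vlan` is absent for `port`, in output order."""
    return [title for title, ports in parse_trunk(output).items()
            if vlan not in ports.get(port, set())]

print(missing_sections(SAMPLE, "Gi1/0/26", 4))
```

A VLAN that appears under "allowed on trunk" but not under "allowed and active" is typically missing from the switch's VLAN database or not in the active state, which matches the fix applied above.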