Routing between 2 vlans on an ASA 5510 version 8.4

Hi There,

I am having issues configuring routing between 2 Vlans on the same ASA.

I have 2 subinterfaces configured on 2 different subnets and 2 different Vlans, and with the same security level.

#inside Vlan: inside connection
interface Ethernet0/1.1
vlan 10
nameif inside
security-level 100
ip address  192.168.0.1 255.255.255.0
no shutdown
exit

#New Inside Vlan: inside connection
interface Ethernet0/1.3
vlan 11
nameif NewInside
security-level 100
ip address  10.80.80.1 255.255.254.0
no shutdown
exit

 

I have 2 objects associated with these:

object network New-Inside-network
subnet 10.80.80.0 255.255.254.0
nat (NewInside,outside) dynamic x.x.x.x

object network inside-network
subnet 192.168.0.0 255.255.255.0
nat (inside,outside) dynamic x.x.x.x

 

 

I have both of these enabled:


same-security-traffic permit intra-interface
same-security-traffic permit inter-interface

 

 

 

I am not sure what else I am missing?

The "inside" network is the current configuration and I am trying to add another subnet to the network in another Vlan (NewInside) and trying to get them communicating.

All the switches have the new vlan added to their trunks.

I cannot ping either the new gateway (10.80.80.1) or a host I have temporarily added to the new network (10.80.80.16) from my current network.

Any help will be greatly appreciated, please ask if you need more info.

Thanks,

-Tim

 


Hello.

Could you share the configuration of the port connected to the ASA, and "show int tru"?

Please check "sh int ip br" and arp cache on the ASA.


Hi Vasilii,

The config of the port connected to the ASA is:

interface GigabitEthernet1/0/26
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 macro description cisco-switch
 auto qos trust
 spanning-tree link-type point-to-point

 

 

Show Interface Trunk:

Port        Mode             Encapsulation  Status        Native vlan

Gi1/0/26    on               802.1q         trunking      1

 

Port        Vlans allowed on trunk

Gi1/0/26    1-4094

 

In this output I did notice that the new VLAN was not present under:

Vlans allowed and active in management domain

I have set it to active now, using:

IPSW-L2-E2EHW2#conf t
IPSW-L2-E2EHW2(config)#vlan 4
IPSW-L2-E2EHW2(config-vlan)#state active

I can now communicate with the gateway across the network, in that subnet and vlan.

 

I just now need to get communication across VLANs (ping VLAN 2 from VLAN 3 and vice versa).

Now I am not sure whether this is an Access List job or a Route?  Either way not sure what to do.

Thanks,

-Tim
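
The check described in the reply above (a VLAN tagged on an ASA subinterface but absent from the switch's "Vlans allowed and active in management domain" list) can be automated. This is an added example, not part of the original thread: the trunk output is a constructed sample, and the function names are hypothetical.

```python
import re
# Constructed sample of Catalyst "show interfaces trunk" output (not from the thread).
SAMPLE_TRUNK = """\
Port        Vlans allowed on trunk
Gi1/0/26    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/26    1,10,20-22
"""

# ASA subinterface lines from the question, trimmed to the vlan/nameif commands.
SAMPLE_ASA = """\
interface Ethernet0/1.1
vlan 10
nameif inside
interface Ethernet0/1.3
vlan 11
nameif NewInside
"""

def expand_vlans(spec):
    """Expand '1,10,20-22' into {1, 10, 20, 21, 22}; 'none' gives an empty set."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def active_vlans(trunk_output, port):
    """VLANs listed for port under 'allowed and active in management domain'."""
    in_section = False
    for line in trunk_output.splitlines():
        fields = line.split(None, 1)
        if line.startswith("Port"):  # section header row
            in_section = "allowed and active in management domain" in line
        elif in_section and len(fields) == 2 and fields[0] == port:
            return expand_vlans(fields[1])
    return set()

def missing_on_trunk(asa_config, trunk_output, port):
    """Map nameif -> VLAN for ASA subinterfaces whose VLAN is not active on port."""
    active, missing, vlan = active_vlans(trunk_output, port), {}, None
    for line in map(str.strip, asa_config.splitlines()):
        if line.startswith("interface "):
            vlan = None  # new stanza: forget the previous subinterface's VLAN
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif line.startswith("nameif ") and vlan is not None and vlan not in active:
            missing[line.split()[1]] = vlan
    return missing
```

With the constructed sample, `missing_on_trunk(SAMPLE_ASA, SAMPLE_TRUNK, "Gi1/0/26")` reports the NewInside subinterface, because VLAN 11 is allowed on the trunk but not active on the switch.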
