VLANs on ASA 5510

I have the following problem: I'm configuring an ASA 5510 on which I have assigned VLANs to a physical interface. This device is connected to a switch and from there to a couple more switches.

When you ping from a terminal device to the logical interface of the ASA in its respective VLAN, there is connectivity. However, when I ping between terminal devices that are in different VLANs, there is no connection.

What can I do? What can I check?

I include the configuration of the ASA:

!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.100
 description CONEXION VLAN1
 vlan 100
 nameif inside1
 security-level 100
 ip address 192.168.0.193 255.255.255.224
!
interface Ethernet0/1.200
 description CONEXION VLAN2
 vlan 200
 nameif inside2
 security-level 80
 ip address 192.168.0.62 255.255.255.192
!
interface Ethernet0/1.300
 description CONEXION VLAN3
 vlan 300
 nameif inside3
 security-level 90
 ip address 192.168.0.94 255.255.255.224
!
interface Ethernet0/1.400
 description CONEXION VLAN4
 vlan 400
 nameif inside4
 security-level 100
 ip address 192.168.0.158 255.255.255.224
!
interface Ethernet0/1.500
 description CONEXION VLAN5
 vlan 500
 nameif inside5
 security-level 100
 ip address 192.168.0.190 255.255.255.224
!
same-security-traffic permit inter-interface

Thanks for your help.

Accepted Solution

You may need to enter the following commands, since you have several interfaces with the same security level.

By default, interfaces with the same security level cannot communicate with each other.

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

The last command I mentioned allows traffic to enter and exit the same interface, which by default is not allowed. This is useful if you're doing a hub-and-spoke topology, where each of the spokes (other same-security-level interfaces) needs to communicate with the others.



cadet alain
VIP Alumni

Hi,

Have you enabled ICMP inspection in the global policy, or configured ACLs for traffic from higher to lower security levels and applied them inbound on the higher-security interface?

Regards.

Alain..

Don't forget to rate helpful posts.

I set the security level on all subinterfaces to 100.

What may be happening? I did everything you recommended.

thanks


Thanks, my problem was solved with these instructions.

Hi,

Do a packet-tracer for ICMP going from one interface to another and post the output.

Regards.

Alain.

Don't forget to rate helpful posts.
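The three pieces of advice in this thread (ACLs for lower-to-higher traffic and ICMP inspection, the same-security-traffic commands, and packet-tracer for verification) fit together in one configuration. The posted config already carries `same-security-traffic permit inter-interface`, so the equal-level VLANs (100, 400, 500) were already allowed to talk; what it lacks is a path for the lower-level VLANs (inside2 at 80, inside3 at 90) to initiate toward the level-100 ones, and a way for ICMP echo replies to return from a lower-level interface to a higher one. The following is an added example written for this page, not configuration from the original poster or from Cisco; the ACL names, the `inspect icmp` placement in the default `global_policy`, and the host addresses used in the packet-tracer lines are assumptions chosen to fall inside the subnets shown in the thread.

```cisco
! Added example (not from the thread). Two trunk subinterfaces from the post are
! kept at different levels on purpose so both failure cases are covered.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.100
 vlan 100
 nameif inside1
 security-level 100
 ip address 192.168.0.193 255.255.255.224
!
interface Ethernet0/1.200
 vlan 200
 nameif inside2
 security-level 80
 ip address 192.168.0.62 255.255.255.192
!
interface Ethernet0/1.400
 vlan 400
 nameif inside4
 security-level 100
 ip address 192.168.0.158 255.255.255.224
!
! Case 1: inside1 <-> inside4 are both level 100. Without this line the ASA
! drops traffic between equal-level interfaces regardless of any ACL.
same-security-traffic permit inter-interface
!
! Case 2: inside2 (80) initiating toward inside1 (100). The implicit rule only
! permits higher -> lower, so the lower side needs an inbound ACL. Note that once
! an access-group is applied inbound on inside2, the implicit "permit to lower"
! behaviour for that interface is gone and everything must be listed explicitly.
! (ACL name INSIDE2_IN is an assumption.)
access-list INSIDE2_IN extended permit icmp 192.168.0.0 255.255.255.192 192.168.0.192 255.255.255.224
access-list INSIDE2_IN extended permit tcp 192.168.0.0 255.255.255.192 192.168.0.192 255.255.255.224 eq 443
access-list INSIDE2_IN extended deny ip any any log
access-group INSIDE2_IN in interface inside2
!
! Case 3: ICMP from inside1 (100) to inside2 (80). The echo request passes by the
! implicit rule, but without inspection ICMP is not tracked statefully, so the
! echo reply arriving on inside2 is a new lower -> higher packet and is dropped.
! Enabling ICMP inspection in the default policy makes the reply match the request.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verification from the CLI (source/destination hosts are assumed addresses
! inside the thread's subnets; "8 0" is ICMP type echo-request, code 0):
!   packet-tracer input inside2 icmp 192.168.0.10  8 0 192.168.0.200 detailed
!   packet-tracer input inside1 icmp 192.168.0.200 8 0 192.168.0.10  detailed
!   packet-tracer input inside4 icmp 192.168.0.140 8 0 192.168.0.200 detailed
!   show running-config same-security-traffic
!   show running-config access-group
```

Read the packet-tracer output from the bottom: the final Action line says ALLOW or DROP, and the phase that dropped it (ACCESS-LIST, or the implicit same-security rule) tells you which of the three cases above is missing. Since the poster could already ping each subinterface address from its own VLAN, the switch port facing Ethernet0/1 is evidently carrying the 802.1Q tags for VLANs 100 to 500; the remaining failures sit in the ASA's inter-interface policy, which is why setting every subinterface to 100 together with `same-security-traffic permit inter-interface` resolved it. Keep in mind that flattening all levels to 100 also removes the segmentation those levels were meant to express; if VLANs 2 and 3 were supposed to be less trusted, the ACL approach in case 2 preserves that intent while still permitting the specific flows that are needed.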