
Cisco VLAN Configuration

Posted on 2008-11-07
Last Modified: 2012-05-05
I am having a problem setting up a 2950 Catalyst switch going to an ASA5520.

Here is the setup:

ASA5520 - vlan1 = 10.1.1.0/24 10.1.1.1
ASA5520 - vlan20 (subinterface) = 192.168.1.0/24 192.168.1.1

On the 2950 switch I have:

Port Fe0/1 =
switchport mode trunk
switchport priority extend trust


From a 192.168.1.5 device I can ping 192.168.1.1 <its default gateway>
From a 10.1.1.5 device I can ping 10.1.1.1 <its default gateway>

However, I cannot ping device 192.168.1.5 from 10.1.1.5.

I can also ping all devices and interfaces from the ASA ping utility, so all is up. I just can't seem to see devices cross vlan.


I have set it up to permit intra and inter traffic on the ASA, but I am not sure what I am missing.  I know I have gotten such a configuration working before, but I am forgetting about something.

Thanks in Advance


ASA5520
 
interface GigabitEthernet0/0.20
 description vlan20 Sub-Interface
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.3.1 255.255.255.0
 
 
Catalyst 2590
2950
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ORL-2950-01
 
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport mode trunk
 switchport priority extend trust

Question by:lwoodtri
LVL 28

Expert Comment

by:batry_boy
ID: 22905801
Please post the rest of your ASA interface configuration, not just the subinterface config.
0
 
LVL 1

Author Comment

by:lwoodtri
ID: 22906000

: Saved
: Written by enable_15 at 11:46:13.106 EST Fri Nov 7 2008
!
ASA Version 7.2(2) 
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
dns-guard
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0 
!
interface GigabitEthernet0/0.20
 description vlan20 Sub-Interface
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.2.1 255.255.255.0 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 description ASA Outside Interface
 nameif outside
 security-level 0
 ip address 
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 no ip address
 management-only
!
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list vlan20_access_in extended permit ip any any 
pager lines 24
logging enable
logging trap warnings
logging asdm warnings
mtu inside 1500
mtu management 1500
mtu vlan20 1500
mtu outside 1500
no failover
monitor-interface inside
monitor-interface management
no monitor-interface vlan20
monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm522.bin
no asdm history enable
arp timeout 14400
access-group vlan20_access_in in interface vlan20
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:032dbac407851e758c8c82a9b8eed2c6
: end


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 22910950
enter this:
  no nat-control
0
 
LVL 1

Author Comment

by:lwoodtri
ID: 22932041
I added that and tried again.

I cannot ping the interface 172.16.1.1 from device 192.168.2.5.

I can ping and see replies from the interfaces and devices from the ASA itself, but it appears that it is not allowing from the vlan to the inside.
0
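
An added example, not part of the thread or any poster's code: a Python check that reads the interface lines of the ASA configuration posted above and reports config-visible reasons a ping would go unanswered. It relies on the documented ASA behaviour that the firewall replies to ICMP echo only on the interface the request arrives on; `parse_interfaces` and `check_ping` are hypothetical names.

```python
import ipaddress
import re

# Interface and policy lines excerpted from the ASA configuration posted above.
ASA_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
same-security-traffic permit inter-interface
"""

def parse_interfaces(config):
    """Return {nameif: (security_level, IPv4Interface)} for addressed interfaces."""
    found = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^ nameif (\S+)", block, re.M)
        level = re.search(r"^ security-level (\d+)", block, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if name and level and addr:
            iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
            found[name.group(1)] = (int(level.group(1)), iface)
    return found

def check_ping(config, src, dst):
    """List config-visible reasons an echo from src to dst would go unanswered."""
    ifaces = parse_interfaces(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    locate = lambda ip: next((n for n, (_, i) in ifaces.items() if ip in i.network), None)
    ingress, egress = locate(src), locate(dst)
    if ingress is None or egress is None:
        return ["address is outside every configured interface subnet"]
    notes = []
    if ingress != egress and dst == ifaces[egress][1].ip:
        # The ASA answers echo requests only on the interface they arrive on.
        notes.append(f"{dst} is the ASA's own {egress} address (far-side ping)")
    same_level = ifaces[ingress][0] == ifaces[egress][0]
    if ingress != egress and same_level and not re.search(
            r"^same-security-traffic permit inter-interface", config, re.M):
        notes.append("equal security levels need same-security-traffic permit inter-interface")
    return notes
```

`check_ping(ASA_CONFIG, "192.168.2.5", "172.16.1.1")` reproduces the test in the last comment, and passing the addresses from the original question (192.168.1.5 and 10.1.1.5) shows they fall outside the subnets in the posted configuration.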
