Cisco ASA5510 and VLAN

Hello all!

I've a problem with a new ASA5510. I want to use two VLANs on an interface connected to a Catalyst 2960G.

I've done this config on the ASA:

interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 vlan 10
 nameif dmz
 security-level 50
 ip address 192.168.10.201 255.255.255.0 standby 192.168.10.202
!
interface Ethernet0/1.2
 vlan 20
 nameif dmz2
 security-level 25
 ip address 192.168.20.201 255.255.255.0 standby 192.168.20.202
!

and on the Catalyst:

interface GigabitEthernet0/21
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,20
    switchport mode trunk
interface range GigabitEthernet0/1-6
    switchport mode access
    switchport access vlan 20
interface range GigabitEthernet0/7-20
    switchport mode access
    switchport access vlan 10
interface Vlan10
    ip address 192.168.10.5 255.255.255.0


But... if I try to ping 192.168.10.201 (from the switch), it doesn't respond.
Also, any host in the VLAN can't reach the firewall.

What am I doing wrong?

Thanks for your help
Asked by: Faber82

Faber82 (Author) commented:
Solved by removing "switchport trunk native vlan 10" on the switch config.
 
Erik Bjers (Principal Systems Administrator) commented:
You need to set up the interface connected to the ASA as a trunk and tag the other VLANs into the trunk.

eb
 
Faber82 (Author) commented:
How can I do this?

On the ASA there aren't commands like switchport mode trunk...
 
Erik Bjers (Principal Systems Administrator) commented:
You need to configure the trunk on the switch, not the ASA.

The port on the ASA is already acting like a trunk because you have multiple interfaces defined on it.

eb
 
Faber82 (Author) commented:
Yes, I've already done this.

The ASA is connected on port 21, whose config is:
interface GigabitEthernet0/21
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,20
    switchport mode trunk
 
Erik Bjers (Principal Systems Administrator) commented:
That is right; this way your native VLAN is still 1.
Question has a verified solution.
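
As an added example (not part of the original thread and not code from any participant), this Python check compares the VLANs an ASA tags on its subinterfaces with a Catalyst trunk port and flags the mismatch that caused the problem above: a VLAN the switch treats as native (untagged) while the ASA expects it tagged. The function names are hypothetical, the sample input is constructed from the configs posted in the thread, and the check assumes the switch is not configured to tag native-VLAN frames.

```python
import re

# Constructed sample input: the relevant lines of the configs posted in this thread.
ASA_CFG = """interface Ethernet0/1
 no nameif
interface Ethernet0/1.1
 vlan 10
interface Ethernet0/1.2
 vlan 20
"""
SWITCH_TRUNK = """interface GigabitEthernet0/21
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
"""

def asa_tagged_vlans(cfg):
    """Map each VLAN ID to the ASA subinterface that sends it 802.1Q-tagged."""
    vlans, subif = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            name = line.split()[1]
            subif = name if "." in name else None  # only subinterfaces tag
        elif subif and (m := re.match(r"\s+vlan (\d+)\s*$", line)):
            vlans[int(m.group(1))] = subif
    return vlans

def trunk_settings(cfg):
    """Return (native VLAN, allowed VLAN set, or None when all are allowed)."""
    native, allowed = 1, None  # IOS defaults: native VLAN 1, all VLANs allowed
    for line in cfg.splitlines():
        if m := re.match(r"\s*switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.match(r"\s*switchport trunk allowed vlan ([\d,-]+)", line):
            allowed = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def check_trunk(asa_cfg, switch_cfg):
    """List mismatches between ASA subinterface tags and the switch trunk."""
    native, allowed = trunk_settings(switch_cfg)
    findings = []
    for vlan, subif in sorted(asa_tagged_vlans(asa_cfg).items()):
        if vlan == native:
            findings.append(f"VLAN {vlan}: untagged (native) on switch, tagged on {subif}")
        if allowed is not None and vlan not in allowed:
            findings.append(f"VLAN {vlan}: not allowed on trunk, {subif} unreachable")
    return findings
```

Run against the posted configs, `check_trunk(ASA_CFG, SWITCH_TRUNK)` reports VLAN 10; with the `switchport trunk native vlan 10` line removed, the native VLAN falls back to 1 and the list is empty.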
