Cisco ASA5510 and VLAN

Hello all!

I've a problem with a new ASA5510. I want to use two VLAN on an interface connected to a Catalyst 2960G.

I've done this config on the ASA:

interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 vlan 10
 nameif dmz
 security-level 50
 ip address 192.168.10.201 255.255.255.0 standby 192.168.10.202
!
interface Ethernet0/1.2
 vlan 20
 nameif dmz2
 security-level 25
 ip address 192.168.20.201 255.255.255.0 standby 192.168.20.202
!

and in the catalyst:

interface GigabitEthernet0/21
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,20
    switchport mode trunk
interface range GigabitEthernet0/1-6
    switchport mode access
    switchport access vlan 20
interface range GigabitEthernet0/7-20
    switchport mode access
    switchport access vlan 10
interface Vlan10
    ip address 192.168.10.5 255.255.255.0


But... if I try to ping (from switch) 192.168.10.201 it don't respond.
Also any host in the vlan can't reach the firewall.

What am I doing wrong?

Thanks for your help
LVL 3
Faber82Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Erik BjersPrincipal Systems AdministratorCommented:
you need to setup the interface connected to the ASA as a trunk and tag the other VLANS into the trunk.

eb
0
Faber82Author Commented:
How I can do this?

On asa there aren't command like switchport mode trunk...
0
Erik BjersPrincipal Systems AdministratorCommented:
you need to configure the trunk on the switch not the ASA

the port on the ASA is already acting like a trunk because you have multiple interfaces defined on it.

eb
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Faber82Author Commented:
Yes, I've already do this.

ASA is connected on port 21 wich config is:
interface GigabitEthernet0/21
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,20
    switchport mode trunk
0
Faber82Author Commented:
Solved by removing "    switchport trunk native vlan 10 " on the switch config
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Erik BjersPrincipal Systems AdministratorCommented:
That is right this way your native clan is still 1
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.