[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ASA 5505 no traffic between vlans

Posted on 2011-04-21
7
Medium Priority
?
692 Views
Last Modified: 2012-05-11
Dear,

Whe bought a Cisco ASA 5505 and i made a new network plan, i have planned 4 vlans vlan 10,20,30,40
My problem is that i cant get traffic from for example vlan10 iprange 10.0.1.0 to vlan20 ip range 10.0.2.0.
For testing purposes i changed all security levels to equal and enabled the "same-security-traffic permit inter-interface"

i am quit new to the cisco device so any comments are welcome

attached is my running conf
hostname ciscoasa
enable password encrypted encrypted
passwd encrypted encrypted
names
name external ip a50-outside description outside
name external ip a51-outside description web
name external ip a52-outside description kantoor
name 10.0.2.29 act-oo description ACT server 
name 10.0.2.49 davilex description Davilex werkstation
name 10.0.2.40 dc1 description domeincontroller
name 10.0.2.31 exchange-server description mailserver exchange
name 10.0.2.43 mail1 description Mailserver exchange
name 10.0.2.23 nas-server description nas-server
name 10.0.2.52 node2 description terminal server 2
name 10.0.2.54 node3 description terminal server 3
name 10.0.2.42 sql1 description SQL server
name 10.0.2.41 ts1 description Terminal server
name 10.0.2.204 vcenter description Vitrual centre
name 10.0.3.100 web1 description webserver
name 10.0.2.247 wsoo1 description werkstation tjeerd
name 10.2.0.248 wsoo2 description werkstation Brenda
name 10.2.0.249 wsoo3 description werkstation Arno
name 10.2.0.251 wsoo4 description werkstation Elieke
name 10.0.2.22 xytrium description terminal server Xytrium
name 10.0.2.243 wssec01 description Werkstation Bob
name 10.0.2.245 wssec02 description Werkstation Ronald
name external ip Exofilter1 description mailrelay ip1
name external ip Exofilter2 description tweede ip exofilter
name 192.168.1.222 backup_server
name external ip a71-outside-backup
name external ip a72-outside-backup
name external ip a80-outside-backup
name 10.0.2.45 ssl
name externalip a58-outside
name external ip a78_outside-backup
!
interface Vlan1
 nameif inside
 security-level 0
 ip address 192.168.2.2 255.255.255.0
!
interface Vlan2
 backup interface Vlan52
 nameif outside
 security-level 0
ip address a50-outside 255.255.255.240
!
interface Vlan10
 nameif inside_extern
 security-level 0
 ip address 10.0.1.2 255.255.255.0
!
interface Vlan20
 nameif inside_kantoor
 security-level 0
 ip address 10.0.2.2 255.255.255.0
!
interface Vlan30
 nameif inside_web
 security-level 100
 ip address 10.0.3.2 255.255.255.0
!
interface Vlan40
 nameif inside_mgt
 security-level 100
 ip address 10.0.4.2 255.255.255.0
!
interface Vlan52
 nameif outside_backup
 security-level 0
 ip address external ip 255.255.255.224
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 52
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 20
!
interface Ethernet0/4
 switchport access vlan 30
!
interface Ethernet0/5
 switchport access vlan 40
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq pop3
 port-object eq 3389
 port-object eq www
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 444
 port-object eq https
object-group service DM_INLINE_TCP_3 tcp
 port-object eq https
 port-object eq pop3
 port-object eq 3389
object-group service DM_INLINE_TCP_4 tcp
 port-object eq 444
 port-object eq https
access-list inside_extern_access_in extended permit ip any any
access-list outside_access_in remark pop3 toegang exchange
access-list outside_access_in remark https toegang exchange
access-list outside_access_in remark rdp toegang node2
access-list outside_access_in extended permit tcp any host a50-outside object-group DM_INLINE_TCP_1
access-list outside_access_in remark smtp toegang tot exchange-server
access-list outside_access_in extended permit tcp any host a50-outside eq smtp
access-list outside_access_in remark https toegang tot exchange server; ssl-vpn naar adito over poort 444
access-list outside_access_in extended permit tcp any host a52-outside object-group DM_INLINE_TCP_2
access-list outside_access_in remark smtp toegang tot mail1 voor exofilter1&exofilter2
access-list outside_access_in extended permit tcp any host a52-outside eq smtp
access-list outside_access_in remark https toegang tot webserver
access-list outside_access_in extended permit tcp any host a51-outside eq https
access-list inside_kantoor_access_in extended permit ip any any
access-list inside_web_access_in extended permit ip any any
access-list outside_backup_access_in remark pop3 toegang exchange
access-list outside_backup_access_in remark https toegang exchange
access-list outside_backup_access_in remark rdp toegang node2 (backp ip)
access-list outside_backup_access_in extended permit tcp any host a80-outside-backup object-group DM_INLINE_TCP_3
access-list outside_backup_access_in remark smtp toegang tot exchange-server (backup ip)
access-list outside_backup_access_in extended permit tcp any host a80-outside-backup eq smtp
access-list outside_backup_access_in remark https toegang tot exchange server; ssl-vpn naar adito over poort 444 (backup ip)
access-list outside_backup_access_in extended permit tcp any host a72-outside-backup object-group DM_INLINE_TCP_4
access-list outside_backup_access_in remark smtp toegang tot mail1 voor exofilter1&exofilter2 (backup ip)
access-list outside_backup_access_in extended permit tcp any host a72-outside-backup eq smtp
access-list outside_backup_access_in remark https toegang tot webserver (backup ip)
access-list outside_backup_access_in extended permit tcp any host a71-outside-backup eq https
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside_mgt 1500
mtu inside_kantoor 1500
mtu inside_web 1500
mtu inside_extern 1500
mtu outside_backup 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any inside_mgt
icmp permit any inside_kantoor
icmp permit any inside_web
icmp permit any inside_extern
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 a52-outside netmask 255.0.0.0
global (outside) 3 a51-outside netmask 255.0.0.0
global (outside) 4 a58-outside netmask 255.0.0.0
global (outside_backup) 1 interface
global (outside_backup) 2 a72-outside-backup netmask 255.0.0.0
global (outside_backup) 3 a71-outside-backup netmask 255.0.0.0
global (outside_backup) 4 a78_outside-backup netmask 255.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside_mgt) 4 0.0.0.0 0.0.0.0
nat (inside_kantoor) 1 0.0.0.0 0.0.0.0
nat (inside_web) 3 0.0.0.0 0.0.0.0
nat (inside_extern) 1 0.0.0.0 0.0.0.0
static (inside_kantoor,outside) tcp a52-outside https mail1 https netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp a72-outside-backup https mail1 https netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface 444 ssl 444 netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface 444 ssl 444 netmask 255.255.255.255
static (inside_kantoor,outside) tcp a52-outside smtp mail1 smtp netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp a72-outside-backup smtp mail1 smtp netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface https exchange-server https netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface https exchange-server https netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface www exchange-server www netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface www exchange-server www netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface pop3 exchange-server pop3 netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface pop3 exchange-server pop3 netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface smtp exchange-server smtp netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface smtp exchange-server smtp netmask 255.255.255.255
static (inside_kantoor,outside) tcp interface 3389 node2 3389 netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp interface 3389 node2 3389 netmask 255.255.255.255
static (inside_kantoor,outside_backup) tcp a71-outside-backup https act-oo https netmask 255.255.255.255
static (inside_kantoor,outside) tcp a51-outside https act-oo https netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_kantoor_access_in in interface inside_kantoor
access-group inside_web_access_in in interface inside_web
access-group inside_extern_access_in in interface inside_extern
access-group outside_backup_access_in in interface outside_backup
route outside 0.0.0.0 0.0.0.0 external ip 1
route outside_backup 0.0.0.0 0.0.0.0 external ip 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:bdbcdf745abb91a913ac037b43ce2660
: end

Open in new window

0
Comment
Question by:Seconet
  • 5
  • 2
7 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35441904
I don't see anything wrong.  Do the devices you're trying to reach in the different VLANs use the ASA as their default gateway?  If not, do they know where the other subnets are located?
0
 

Author Comment

by:Seconet
ID: 35446535
Jmeggers

Yes clients are configured with static ip's and def gateway is the interface address of the asa. The clients dont have any static routes because all the networks are directly connected to the asa so i mentioned that extra static route's are useless.

any other suggestions ?
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 1500 total points
ID: 35448314
I mocked this up in my lab and what I think you're missing is no-NATing traffic between the internal subnets.

access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list nonat
nat (inside_extern) 0 access-list nonat
nat (inside_kantoor) 0 access-list nonat
nat (inside_mgt) 0 access-list nonat

I was able to ping between hosts once I added these commands.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:Seconet
ID: 35465351
Hi Jmeggers

Thanks for your reply i will try your solution today, sounds like the solution because my other dynamic nat rules are only for traffic to the outside interfaces.
0
 

Author Comment

by:Seconet
ID: 35492205
Hey Guý's

Status update, after i copied jmeggers command into the ASA i can ping between inside (192.168.2.0/24) and inside_kantoor (10.0.2.0/24)  but not between other networks... i have added the running config again,

all comments are welcome

Thanks in advance
hostname ciscoasa
enable password 
passwd 
names
name 111 a50-outside description outside
name 111 a51-outside description web
name 111 a52-outside description kantoor
name 10.0.2.29 act-oo description ACT server 
name 10.0.2.49 davilex description Davilex werkstation
name 10.0.2.40 dc1 description domeincontroller
name 10.0.2.31 exchange-server description mailserver exchange
name 10.0.2.43 mail1 description Mailserver exchange
name 10.0.2.23 nas-server description nas-server
name 10.0.2.52 node2 description terminal server 2
name 10.0.2.54 node3 description terminal server 3
name 10.0.2.42 sql1 description SQL server
name 10.0.2.41 ts1 description Terminal server
name 10.0.2.204 vcenter description Vitrual centre
name 10.0.3.100 web1 description webserver
name 10.0.2.247 wsoo1 description werkstation tjeerd
name 10.0.2.22 description terminal server Xytrium
name 10.0.2.243 wssec01 description Werkstation Bob
name 10.0.2.245 wssec02 description Werkstation Ronald
name 192.168.1.222 backup_server
name 111a71-outside-backup
name 111 a72-outside-backup
name 111 a80-outside-backup
name 10.0.2.45 ssl
name 111 a58-outside
name 111 a78_outside-backup
!
interface Vlan1
 nameif inside
 security-level 0
 ip address 192.168.2.2 255.255.255.0 
!
interface Vlan2
 backup interface Vlan52
 nameif outside
 security-level 0
 ip address a50-outside 255.255.255.240 
!
interface Vlan10
 shutdown
 nameif inside_extern
 security-level 0
 ip address 10.0.1.2 255.255.255.0 
!
interface Vlan20
 nameif inside_kantoor
 security-level 0
 ip address 10.0.2.2 255.255.255.0 
!
interface Vlan30
 nameif inside_web
 security-level 0
 ip address 10.0.3.2 255.255.255.0 
!
interface Vlan40
 shutdown
 nameif inside_mgt
 security-level 0
 ip address 10.0.4.2 255.255.255.0 
!
interface Vlan52
 nameif outside_backup
 security-level 0
 ip address outside ip 255.255.255.224 
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 52
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 20
!
interface Ethernet0/4
 switchport access vlan 30
!
interface Ethernet0/5
 switchport access vlan 40
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq pop3
 port-object eq 3389
 port-object eq www
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 444
 port-object eq https
object-group service DM_INLINE_TCP_3 tcp
 port-object eq https
 port-object eq pop3
 port-object eq 3389
object-group service DM_INLINE_TCP_4 tcp
 port-object eq 444
 port-object eq https
object-group service DM_INLINE_SERVICE_1
 service-object gre 
 service-object tcp eq pptp 
access-list inside_extern_access_in extended permit ip any any 
access-list outside_access_in remark pptp toegang tot nas-server (VPN verbindingen)
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host a50-outside 
access-list outside_access_in remark pop3 toegang exchange
access-list outside_access_in remark https toegang exchange
access-list outside_access_in remark rdp toegang node2
access-list outside_access_in extended permit tcp any host a50-outside object-group DM_INLINE_TCP_1 
access-list outside_access_in remark smtp toegang tot exchange-server
access-list outside_access_in extended permit tcp any host a50-outside eq smtp 
access-list outside_access_in remark https toegang tot exchange server; ssl-vpn naar adito over poort 444
access-list outside_access_in extended permit tcp any host a52-outside object-group DM_INLINE_TCP_2 
access-list outside_access_in remark smtp toegang tot mail1 voor exofilter1&exofilter2
access-list outside_access_in extended permit tcp any host a52-outside eq smtp 
access-list outside_access_in remark https toegang tot webserver
access-list outside_access_in extended permit tcp any host a51-outside eq https 
access-list inside_kantoor_access_in extended permit ip any any 
access-list inside_web_access_in extended permit ip any any 
access-list outside_backup_access_in remark pop3 toegang exchange
access-list outside_backup_access_in remark https toegang exchange
access-list outside_backup_access_in remark rdp toegang node2 (backp ip)
access-list outside_backup_access_in extended permit tcp any host a80-outside-backup object-group DM_INLINE_TCP_3 
access-list outside_backup_access_in remark smtp toegang tot exchange-server (backup ip)
access-list outside_backup_access_in extended permit tcp any host a80-outside-backup eq smtp 
access-list outside_backup_access_in remark https toegang tot exchange server; ssl-vpn naar adito over poort 444 (backup ip)
access-list outside_backup_access_in extended permit tcp any host a72-outside-backup object-group DM_INLINE_TCP_4 
access-list outside_backup_access_in remark smtp toegang tot mail1 voor exofilter1&exofilter2 (backup ip)
access-list outside_backup_access_in extended permit tcp any host a72-outside-backup eq smtp 
access-list outside_backup_access_in remark https toegang tot webserver (backup ip)
access-list outside_backup_access_in extended permit tcp any host a71-outside-backup eq https 
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0 
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0 
access-list inside_access_in extended permit ip any any 
access-list inside_kantoor_nat0_outbound extended permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.0.0.0 
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside_mgt 1500
mtu inside_kantoor 1500
mtu inside_web 1500
mtu inside_extern 1500
mtu outside_backup 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any inside_mgt
icmp permit any inside_kantoor
icmp permit any inside_web
icmp permit any inside_extern
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 a52-outside netmask 255.0.0.0
global (outside) 3 a51-outside netmask 255.0.0.0
global (outside) 4 a58-outside netmask 255.0.0.0
global (outside_backup) 1 interface
global (outside_backup) 2 a72-outside-backup netmask 255.0.0.0
global (outside_backup) 3 a71-outside-backup netmask 255.0.0.0
global (outside_backup) 4 a78_outside-backup netmask 255.0.0.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside_mgt) 0 access-list nonat
nat (inside_mgt) 4 0.0.0.0 0.0.0.0
nat (inside_kantoor) 0 access-list nonat
nat (inside_kantoor) 1 0.0.0.0 0.0.0.0
nat (inside_web) 3 0.0.0.0 0.0.0.0
nat (inside_extern) 0 access-list nonat
nat (inside_extern) 1 0.0.0.0 0.0.0.0
static (inside_kantoor,outside) tcp interface pptp nas-server pptp netmask 255.255.255.255 
static (inside_kantoor,outside) tcp a52-outside https mail1 https netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp a72-outside-backup https mail1 https netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface 444 ssl 444 netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface 444 ssl 444 netmask 255.255.255.255 
static (inside_kantoor,outside) tcp a52-outside smtp mail1 smtp netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp a72-outside-backup smtp mail1 smtp netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface https exchange-server https netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface https exchange-server https netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface www exchange-server www netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface www exchange-server www netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface pop3 exchange-server pop3 netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface pop3 exchange-server pop3 netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface smtp exchange-server smtp netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface smtp exchange-server smtp netmask 255.255.255.255 
static (inside_kantoor,outside) tcp interface 3389 node2 3389 netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp interface 3389 node2 3389 netmask 255.255.255.255 
static (inside_kantoor,outside_backup) tcp a71-outside-backup https act-oo https netmask 255.255.255.255 
static (inside_kantoor,outside) tcp a51-outside https act-oo https netmask 255.255.255.255 
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group inside_kantoor_access_in in interface inside_kantoor
access-group inside_web_access_in in interface inside_web
access-group inside_extern_access_in in interface inside_extern
access-group outside_backup_access_in in interface outside_backup
route outside 0.0.0.0 0.0.0.0 62.177.186.49 1
route outside_backup 0.0.0.0 0.0.0.0 178.250.193.66 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
http 10.0.2.62 255.255.255.255 inside_kantoor
http wssec01 255.255.255.255 inside_kantoor
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect icmp 
  inspect pptp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:
: end

Open in new window

0
 

Author Comment

by:Seconet
ID: 35511564
Hey Guy's

Problem solved, Jmeggers pushed me in the right direction with the NAT Excempt rules, i made nat excemt rules for each inside interface where i want to have traffic to another inside interface !

Thanks
0
 

Author Closing Comment

by:Seconet
ID: 35511572
This sloution pushed me in the right direction !
0

Featured Post

Rewarding opportunities for women in IT

Across the nation, technology jobs are vacant because there aren’t enough qualified professionals to fill them. With a degree from WGU, you can get the credentials it takes to become an in-demand IT professional. Plus, WGU’s IT programs include industry certifications.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question