How to allow access to VLAN from outside (ASA and 881)

Posted on 2011-10-05
Last Modified: 2012-05-12
I have two Cisco routers ASA5510 and 881.
881 has two vlans, VLAN1 and VLAN2. VLAN1 is on sub-net and computers from VLAN1 can communicate and authenticate to which is a domain server.
How can I configure 881 so it will allow communication the other way around? If I try to ping VLAN1 or access the  computer ( from i am unable to do it.

Please check the attached txt with 881 config and the image with network layout.

Thank you for your help.
Question by:keserm
    LVL 10

    Accepted Solution

    Easy right off the bat:

    Your host probably does not have a route to, make sure you have that route on your ASA:

    ip route 255.255.255
    LVL 18

    Expert Comment

    by:Don S.
    The ASA is not a router.  It is a firewall and as such, it likely would have rules not allowing ping to go through in that direction.  check the rules in the asa to see what is explicitly allowed through.

    Author Comment

    Thanks for the reply!


    Did you mean:
    ip route 255.255.255

    I'll have to wait until morning to make the change.
    LVL 10

    Expert Comment

     and yeah i jimped a bit too ahead of myself, make sure icmp echo and echo reply are allowed on the firewall

    Author Comment

    ASA does not allow 'ip route' command, I get:
    'Invalid input detected at '^' marker.'

    This is in production so I can't play much wit it. Should I use:

    route inside 255.255.0

    Author Comment


    'route inside 255.255.0' worked.


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Netgear Switches 3 98
    NTP Server in VMware 5 92
    Enable  DHCP Snooping on a Cisco SG500-52P 6 51
    HP Procurve Fault-finder 4 21
    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now