Enable traffic between 2 vlans on Cisco ASA 5505

felipesch
Hello,

I want to enable traffic between two VLANs on my Cisco ASA 5505 router. The interfaces are:

- serverfarm (172.16.0.0/255.255.255.0)
and
- DMZ (192.168.0.0/255.255.255.0)

Below is the current configuration:

: Saved
:
ASA Version 8.0(4)28 
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif serverfarm
 security-level 100
 ip address 172.16.0.1 255.255.255.0 
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group brt
 ip address pppoe setroute 
!
interface Vlan12
 nameif dmz
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 12
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu serverfarm 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (serverfarm) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 serverfarm
http 172.16.0.0 255.255.255.0 serverfarm
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group brt request dialout pppoe
vpdn group brt localname XXXXXXXX@XXXXX
vpdn group brt ppp authentication pap
vpdn username 4135577954@localturbo password ********* store-local
dhcpd auto_config outside
!
dhcpd address 172.16.0.100-172.16.0.254 serverfarm
dhcpd auto_config outside interface serverfarm
dhcpd enable serverfarm
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:2815573e0ac04627846694074fd1d5ec
: end
no asdm history enable

Ernie Beek, Senior infrastructure engineer
Top Expert 2012
Commented:
One question first, do you have a base license or a plus license?
Commented:
Hi,

Try adding a static NAT statement between your internal networks:

static (serverfarm,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.255.0
static (dmz,serverfarm) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

Or use nat 0.

//D
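
A small audit of the posted configuration, added here as an example and not part of the original thread: it models, in simplified form, why the two level-100 interfaces have no usable translation toward each other while each carries a `nat ... 1` rule and the only `global` is on `outside`, and how a `static` or `nat 0` entry changes that. The names `parse` and `blocked_pairs` are hypothetical, and the model is an assumption that ignores address matching and interface ACLs.

```python
from itertools import permutations

# NAT-relevant lines trimmed from the configuration posted in the question.
POSTED = """\
interface Vlan1
 nameif serverfarm
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan12
 nameif dmz
 security-level 100
same-security-traffic permit inter-interface
nat-control
global (outside) 1 interface
nat (serverfarm) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
"""

def parse(cfg):
    """Collect security levels and pre-8.3 nat/global/static statements."""
    c = {"level": {}, "nat": {}, "global": {}, "static": set(), "inter": False}
    name = None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] in ("interface", "nameif"):
            name = w[1] if w[0] == "nameif" else None
        elif w[0] == "security-level" and name:
            c["level"][name] = int(w[1])
        elif w[:3] == ["same-security-traffic", "permit", "inter-interface"]:
            c["inter"] = True
        elif w[0] in ("nat", "global") and len(w) > 2:
            c[w[0]].setdefault(w[1].strip("()"), set()).add(w[2])
        elif w[0] == "static" and len(w) > 1:
            c["static"].add(tuple(w[1].strip("()").split(",")))
    return c

def blocked_pairs(cfg):
    """Same-security (src, dst) pairs with no usable translation (simplified model)."""
    c, out = parse(cfg), []
    for src, dst in permutations(c["level"], 2):
        ids = c["nat"].get(src, set())
        exempt = not ids or "0" in ids or (src, dst) in c["static"]
        if c["level"][src] != c["level"][dst] or (c["inter"] and exempt):
            continue
        if not c["inter"] or not ids & c["global"].get(dst, set()):
            out.append((src, dst))
    return sorted(out)

print(blocked_pairs(POSTED))  # both directions between serverfarm and dmz
```

Appending only one `static (serverfarm,dmz) ...` line clears one direction; the reverse direction still needs its own `static` or a `nat (dmz) 0` entry.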
Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
