Solved

Cisco ASA allowing traffic between VLAN's

Posted on 2014-12-17
4
209 Views
Last Modified: 2015-04-16
Hello,

Trying to get specific traffic to flow between VLANs on a 5505.  Basically I have 3 networks: Internet, VLAN 1 and VLAN 2.  VLAN 1 is where all of our servers are and VLAN 2 is where all of our RDP workstations are.  We only want to allow certain traffic to go from VLAN 2 to VLAN 1 (such as RDP, telnet, etc.).  All traffic can go from VLAN 1 to VLAN 2.  Both VLAN 1 and 2 can access the internet.

Any thoughts?

Thanks,
Mike
Question by:ClearBlueTechnologies
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 40505683
First make sure you have a security plus license.
Cisco ASA 5505 Routing Between Two (Internal) VLANS
0
 
LVL 1

Author Comment

by:ClearBlueTechnologies
ID: 40507969
Yes, it has a security plus license.

Thanks for the example!  Is there a difference in the config if you want to allow traffic from two VLANs that have different security levels?  In my situation I need to allow VLAN2 (security 50) access to VLAN1 (security 100) over specific ports (RDP, Telnet, etc.).
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40508070
To go from a less secure to a more secure interface you simply need to allow the traffic with an ACL (if your OS is older than 8.4 you also need a NAT statement).

P
0
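The ACL approach described in the comment above, written out as an added example for the asker's layout (this is not Pete Long's article config or anything posted in the thread). It assumes VLAN 1 is the "inside" interface (security 100, 192.168.1.0/24) and VLAN 2 is a "workstations" interface (security 50, 192.168.2.0/24); the subnets, interface names and object names are constructed placeholders.

```cisco
! Added example, not from the thread. Subnets, nameif values and object names are assumed.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif workstations
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Put a switch port into VLAN 2 for the RDP workstations (5505 ports are Ethernet0/0-0/7).
interface Ethernet0/2
 switchport access vlan 2
 no shutdown
!
object network VLAN1_NET
 subnet 192.168.1.0 255.255.255.0
object network VLAN2_NET
 subnet 192.168.2.0 255.255.255.0
object-group service VLAN2_TO_VLAN1_TCP tcp
 port-object eq 3389
 port-object eq telnet
!
! Low-to-high traffic (VLAN 2 -> VLAN 1) is dropped unless an ACL permits it.
! 1. Permit only the listed TCP services from VLAN 2 to the server VLAN.
! 2. Explicitly deny everything else from VLAN 2 to VLAN 1.
! 3. Permit the rest (Internet access) so the deny does not swallow it.
access-list WORKSTATIONS_IN extended permit tcp object VLAN2_NET object VLAN1_NET object-group VLAN2_TO_VLAN1_TCP
access-list WORKSTATIONS_IN extended deny ip object VLAN2_NET object VLAN1_NET
access-list WORKSTATIONS_IN extended permit ip object VLAN2_NET any
access-group WORKSTATIONS_IN in interface workstations
!
! High-to-low traffic (VLAN 1 -> VLAN 2) needs no ACL: it is allowed by default,
! and the ACL is bound only to the workstations interface.
!
! On releases still using the old NAT model (see the comment above) add identity NAT
! between the two interfaces so the ASA will build the translation:
!   static (inside,workstations) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
!
! Verify the policy without generating real traffic (expected: RDP allowed, SSH dropped):
!   packet-tracer input workstations tcp 192.168.2.10 40000 192.168.1.10 3389
!   packet-tracer input workstations tcp 192.168.2.10 40000 192.168.1.10 22
```

`show access-list WORKSTATIONS_IN` shows per-entry hit counts, which is the quickest way to confirm the deny line is catching unwanted VLAN 2 to VLAN 1 traffic.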
 
LVL 5

Accepted Solution

by: Feroz Ahmed (earned 500 total points)
ID: 40608596
Hi,

In your question you have clearly stated that you have only 3 networks, i.e. Internet, VLAN1 and VLAN2. What about the VLAN where your RDP workstations are present? Did you define that VLAN in the ASA? If so, is it present outside or inside, and where are VLAN1 and VLAN2 present in your network, inside or outside?
Supposing one of the VLANs is inside the network, then the commands are as below:

ASA(config)# access-list 101 extended permit icmp any any (once you give this command you can ping directly to the outside network)
ASA(config)# access-list 101 extended permit icmp any any echo-reply (once you give this command you can ping directly from the outside network to the inside network)

If you want the VLANs to access certain traffic such as RDP or Telnet, then one can configure the VLANs in the way shown below:

ASA(config)# interface Ethernet0/1
ASA(config-if)# switchport access vlan 1
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# access-list 101 extended permit ip any any
ASA(config)# access-group 101 in interface inside

In a similar way one can configure which interfaces on VLAN1 and VLAN2 should interact in order to share the same information.
0
