Solved

Cisco ASA allowing traffic between VLAN's

Posted on 2014-12-17
Last Modified: 2015-04-16
Hello,

Trying to get specific traffic to flow between VLANs on a 5505. Basically I have 3 networks: Internet, VLAN 1 and VLAN 2. VLAN 1 is where all of our servers are and VLAN 2 is where all of our RDP workstations are. We only want to allow certain traffic to go from VLAN 2 to VLAN 1 (such as RDP, telnet, etc.). All traffic can go from VLAN 1 to VLAN 2. Both VLAN 1 and 2 can access the internet.

Any thoughts?

Thanks,
Mike
Question by:ClearBlueTechnologies
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 40505683
First make sure you have a security plus license.
Cisco ASA 5505 Routing Between Two (Internal) VLANS
 
LVL 1

Author Comment

by:ClearBlueTechnologies
ID: 40507969
Yes, it has a security plus license.

Thanks for the example! Is there a difference in the config if you want to allow traffic between two VLANs that have different security levels? In my situation I need to allow VLAN2 (security 50) access to VLAN1 (security 100) over specific ports (RDP, Telnet, etc.).
 
LVL 57

Expert Comment

by:Pete Long
ID: 40508070
To go from a less secure to a more secure interface you simply need to allow the traffic with an ACL (if your OS is older than 8.4 you also need a NAT statement).

P
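The ACL approach described in the comment above, written out as an added example (not from the thread or from Pete Long's article). It assumes ASA 8.4+ syntax, a Security Plus license on the 5505, interface names `inside` (VLAN 1, security 100) and `workstations` (VLAN 2, security 50), and constructed subnets 192.168.1.0/24 and 192.168.2.0/24:

```text
! Added example, not part of the original thread. ASA 5505, 8.4+ syntax.
! VLAN 1 = servers (security 100), VLAN 2 = RDP workstations (security 50).
! Interface names and addresses below are assumptions.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif workstations
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Network objects for the two internal subnets (constructed values)
object network NET-SERVERS
 subnet 192.168.1.0 255.255.255.0
object network NET-WORKSTATIONS
 subnet 192.168.2.0 255.255.255.0
!
! Identity NAT so VLAN2 -> VLAN1 traffic is not translated. Only needed
! if a broader NAT rule would otherwise match this traffic; on pre-8.3
! code a "nat"/"static" pair is required instead, as the comment notes.
nat (workstations,inside) source static NET-WORKSTATIONS NET-WORKSTATIONS destination static NET-SERVERS NET-SERVERS
!
! Ports the workstation VLAN may reach on the server VLAN: RDP and telnet.
object-group service SVC-WS-TO-SERVERS tcp
 port-object eq 3389
 port-object eq telnet
!
! Inbound ACL on the lower-security interface. Order matters:
!  1. allow only the listed TCP ports to the server subnet
!  2. drop and log anything else aimed at the server subnet
!  3. let the workstations reach everything else (Internet)
access-list WS_IN extended permit tcp object NET-WORKSTATIONS object NET-SERVERS object-group SVC-WS-TO-SERVERS
access-list WS_IN extended deny ip object NET-WORKSTATIONS object NET-SERVERS log
access-list WS_IN extended permit ip object NET-WORKSTATIONS any
access-group WS_IN in interface workstations
!
! Nothing is needed for VLAN1 -> VLAN2: traffic from a higher to a lower
! security level is permitted by default, and replies to the RDP/telnet
! sessions above return through the stateful connection table.
```

The logged deny line is what you would watch (for example with `show access-list WS_IN` hit counts or the syslog it generates) to confirm the policy is blocking what you expect before trusting it.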
 
LVL 5

Accepted Solution

by: Feroz Ahmed (earned 500 total points)
ID: 40608596
Hi,

In your question you have mentioned clearly that you have only 3 networks, i.e. Internet, VLAN1 and VLAN2. What about the VLAN where your RDP workstations are present? Did you define that VLAN in the ASA? If so, where is it present, outside or inside, and where are VLAN1 and VLAN2 present in your network, inside or outside?
Supposing one of the VLANs is inside the network, then the commands are as below:

ASA(config)#access-list 101 permit icmp any any (once you give this command you can directly ping to the outside network)
ASA(config)#access-list 101 permit icmp any any echo-reply (once you give this command you can directly ping from the outside network to the inside network)

Supposing you want the VLANs to access certain traffic such as RDP or Telnet, then one can configure the VLANs as shown below:

VLAN1#switchport access vlan 1
VLAN1#int fa01
VLAN1#access-list 101 permit ip any any
VLAN1#access-group 101 in interface
VLAN1#no shut

In a similar way one can configure which interfaces on VLAN1 and VLAN2 should interact in order to share the same information.
