asked on cisco asa5506 traffic between interfaces
how do you allow interfaces on asa5506 to allow traffic? i see a check mark there and also ensure the security levels are the same but i cant ping either subnett of each interfaces.
appreciate your time....
thanks,
appreciate your time....
thanks,
Cisco
Last Comment
herm paul
Are the two machines together in the same office / area, or are they separated by the internet and in different locations. In the latter case, you would need to set up a VPN connection to connect the devices.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks! ok, here it is:
asa5506, gigabit1/2 & 1/3, on same unit.
ips: g1/2=192.168.1.0/24 , g1/3=192.168.2.0/24
i'v ran "same-security-traffic permit intra-interface" and i can see that both interfaces are able to exchange traffic now. however, when i created a vpn from this unit(siteA) to another unit (siteB), only devices on g1/2 gets a successful ping accross to siteB. SiteB also gets a successful ping only to devices on g1/2.
vpn (site-site): siteA g1/2 & g1/3 are under one networkobject as a network.
windows firewall is turned off on all involve stations.
please let me know if you need more info.
thanks,
asa5506, gigabit1/2 & 1/3, on same unit.
ips: g1/2=192.168.1.0/24 , g1/3=192.168.2.0/24
i'v ran "same-security-traffic permit intra-interface" and i can see that both interfaces are able to exchange traffic now. however, when i created a vpn from this unit(siteA) to another unit (siteB), only devices on g1/2 gets a successful ping accross to siteB. SiteB also gets a successful ping only to devices on g1/2.
vpn (site-site): siteA g1/2 & g1/3 are under one networkobject as a network.
windows firewall is turned off on all involve stations.
please let me know if you need more info.
thanks,
Does the ACL for the VPN include both subnets?
Are but subnets excluded from NAT?
Are but subnets excluded from NAT?
ASKER
isn't ACL auto created once the vpn is configured and online? sorry, just trying to understand this...
i can see that my ACL has the default entries. unless am looking at a wrong place... please advise.
thanks,
i can see that my ACL has the default entries. unless am looking at a wrong place... please advise.
thanks,
You have to define somewhere the local and remote "interesting" subnets for encryption.
I don't use ASDM, so if that's what you're using, I won't be of much help.
If you post a sanitized configuration, that would give me somewhere to start.
I don't use ASDM, so if that's what you're using, I won't be of much help.
If you post a sanitized configuration, that would give me somewhere to start.
ASKER
ok. any specific part of the running config? i can do a lil from the cli... would you be able to show me the cli command need to run for this particular ?
term pag 0
sh run
Then do an X.X for the first two octets of the public IP(s).
Delete all line that contain: passwords, keys, usernames, logging, snmp, etc.
We're only interested in any detail that involves routing to include access lists. So, if you're using objects and object-groups, I'll need that detail. If you don't want it publicly published, sent it to my EE mailbox. I'll look at it and respond back here.
sh run
Then do an X.X for the first two octets of the public IP(s).
Delete all line that contain: passwords, keys, usernames, logging, snmp, etc.
We're only interested in any detail that involves routing to include access lists. So, if you're using objects and object-groups, I'll need that detail. If you don't want it publicly published, sent it to my EE mailbox. I'll look at it and respond back here.
ASKER
ok. sent it to your message box