asa 5510 integrate into vlan based network issues
16 years 1 month ago #27585
by buzzboy
I’m having issues setting up an ASA 5510 and integrating it into our VLAN-based network.
I have a trunk port to one of the ASA’s Ethernet ports, and on the ASA I created a number of sub-interfaces on that Ethernet port.
I have set up a number of new VLANs for hosts that sit behind the ASA. The VLANs have been set on the network so any of our layer 3 switches can have a port set into one of the new VLANs and be behind the firewall.
My problem is I cannot ping the sub-interface on the ASA (10.90.2.254) from any host on the network, or even from a host on the same VLAN and subnet.
If I create a VLAN interface on the core switch I can then ping it, but any host put in that VLAN is not behind the firewall and is just doing normal inter-VLAN routing.
Have I missed something? Can the ASA do this?
Below is how I have set my interfaces. All my interfaces have a security-level of 50 and I have enabled both same-security-traffic permit inter-interface and same-security-traffic permit intra-interface.
!
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.5
 description protected hosts
 vlan 90
 nameif protected
 security-level 50
 ip address 10.90.2.254 255.255.255.0
16 years 1 month ago #27618
by S0lo
1. Does this happen only for this sub-interface (Ethernet0/0.5)? In other words, can you ping other sub-interfaces?
2. I see vlan 90. Is this a typo? Did you mean vlan 9 or vlan 5?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx