Can't get traffic flowing between VLANs on an ASA 5505


  • Can't get traffic flowing between VLANs on an ASA 5505

    I've got an ASA 5505 with the Security Plus license that I'm trying to configure.

    So far I have set up NATing on two VLANs, one called 16jda (VLAN 16 - 10.16.2.0/24) and one called 16jdc (VLAN 11 - 10.105.11.0/24).

    From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.

    I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface", and I have set up static NAT mappings between the two subnets, but they still can't communicate.

    When I try to ping there is no reply and the only log message is:
    6 Aug 21 2012 09:00:54 302020 10.16.2.10 23336 10.105.11.6 0 Built inbound ICMP connection for faddr 10.16.2.10/23336 gaddr 10.105.11.6/0 laddr 10.105.11.6/0

    I have attached a copy of the router config.

  • #2
    Re: Can't get traffic flowing between VLANs on an ASA 5505

    First thing I would do is get rid of these for testing purposes:

    access-group acl in interface 16jdc
    access-group acl in interface 16jda

    Also make sure nat control is off (it may be off by default in 8.2, I forget though):


    no nat-control


    Also, nat exemption (nat 0 with ACL) is bidirectional, so technically you shouldn't need both of these:

    nat (16jdc) 0 access-list no-nat
    nat (16jda) 0 access-list no-nat


    Is the trunk going to your switch set up right? Native vlan the same? Required vlans allowed across the trunk?


    May want to try packet tracer to check the flows between interfaces

    packet-tracer input 16jdc icmp 10.105.11.6 8 0 10.16.2.10 detailed
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
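
Added example, not part of either post: a small Python parser for ASA ICMP connection messages 302020 (Built) and 302021 (Teardown), applied to the log line quoted in the first post. It reports whether the local host was translated (gaddr differs from laddr) and whether a teardown was logged for the flow; every sample line except the first is constructed, and 192.0.2.6 is a documentation placeholder address.

```python
import re

# faddr = foreign host, gaddr = global (post-NAT) address, laddr = local (real) address.
# The number after each "/" is the ICMP identifier/type field; it is kept as text.
ICMP_RE = re.compile(
    r"\b(?P<msgid>30202[01])\b.*?"
    r"(?P<event>Built|Teardown)(?: (?P<direction>inbound|outbound))? ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/(?P<fid>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gid>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lid>\d+)"
)

SAMPLE_LOG = [
    # Line quoted in the first post of this thread.
    "6 Aug 21 2012 09:00:54 302020 10.16.2.10 23336 10.105.11.6 0 Built inbound ICMP connection for faddr 10.16.2.10/23336 gaddr 10.105.11.6/0 laddr 10.105.11.6/0",
    # Constructed: matching teardown for the flow above.
    "6 Aug 21 2012 09:00:56 302021 10.16.2.10 23336 10.105.11.6 0 Teardown ICMP connection for faddr 10.16.2.10/23336 gaddr 10.105.11.6/0 laddr 10.105.11.6/0",
    # Constructed: a flow where the local host is reached through a translated address.
    "6 Aug 21 2012 09:01:10 302020 10.16.2.10 23337 192.0.2.6 0 Built inbound ICMP connection for faddr 10.16.2.10/23337 gaddr 192.0.2.6/0 laddr 10.105.11.6/0",
    # Constructed: unrelated row that must be ignored.
    "6 Aug 21 2012 09:01:11 111008 User 'enable_15' executed the 'show run' command.",
]

def parse_icmp_event(line):
    """Return the fields of a 302020/302021 ICMP row, or None for any other row."""
    m = ICMP_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["translated"] = ev["gaddr"] != ev["laddr"]  # NAT was applied to the local host
    return ev

def summarize(lines):
    """Map each built ICMP flow to its direction, NAT state and teardown state."""
    flows = {}
    for line in lines:
        ev = parse_icmp_event(line)
        if ev is None:
            continue
        key = (ev["faddr"], ev["fid"], ev["gaddr"], ev["laddr"])
        if ev["event"] == "Built":
            flows[key] = {"direction": ev["direction"],
                          "translated": ev["translated"], "torn_down": False}
        elif key in flows:
            flows[key]["torn_down"] = True
    return flows

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

For the line in the first post, gaddr and laddr are both 10.105.11.6, so the ASA built the connection entry for the echo request without translating the destination host.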
