Can't get traffic flowing between VLANs on an ASA 5505

  • Can't get traffic flowing between VLANs on an ASA 5505

    I've got an ASA 5505 with the Security Plus license that I'm trying to configure.

    So far I have set up NATing on two VLANs, one called 16jda (VLAN 16 - and one called 16jdc (VLAN 11 -

    From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.

    I have each VLAN interface at security level 100 and have enabled "same-security-traffic permit inter-interface", and I have set up static NAT mappings between the two subnets, but they still can't communicate.

    When I try to ping there is no reply and the only log message is:
    6 Aug 21 2012 09:00:54 302020 23336 0 Built inbound ICMP connection for faddr gaddr laddr

    I have attached a copy of the router config.

  • #2
    Re: Can't get traffic flowing between VLANs on an ASA 5505

    The first thing I would do is get rid of these for testing purposes:

    access-group acl in interface 16jdc
    access-group acl in interface 16jda

    Also make sure nat-control is off (it may be off by default in 8.2, I forget though):

    no nat-control

    Also, NAT exemption (nat 0 with ACL) is bidirectional, so technically you shouldn't need both of these:

    nat (16jdc) 0 access-list no-nat
    nat (16jda) 0 access-list no-nat

    Is the trunk going to your switch set up right? Native VLAN the same? Required VLANs allowed across the trunk?

    You may want to try packet-tracer to check the flows between interfaces:

    packet-tracer input 16jdc icmp 8 0 detailed
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)