Announcement

Collapse
No announcement yet.

Intervlan routing on ASA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intervlan routing on ASA

    can anyone help me how to do intervlan routing with ASA and what are the protcol that are blocked by default.

  • #2
    Re: Intervlan routing on ASA

    There is always google to help you. This is something I pulled off a quick google search.
    http://ciscorouterswitch.over-blog.c...103281931.html
    Or maybe this video.
    http://www.youtube.com/watch?v=jkANFicAG1k
    I think every protocol is blocked by default to you enable them.
    Does that help?
    Last edited by uk_network; 21st April 2013, 20:49.
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

    Comment


    • #3
      Re: Intervlan routing on ASA

      Everything coming inbound from the outside is blocked by the ASA by default.

      Any traffic initiated from a higher security interface to a lower is allowed by default. Meaning if it originates on the inside (assuming that your inside is the "trusted interface") then the return traffic will be allowed back through as the initial connection originated on the inside. The state table keeps track of the connections.

      If you want to allow access directly from the outside then you need to manually allow it through.

      Intervlan routing isn't much different on the ASA as it is on the IOS routers. Create your sub interfaces, give them the appropriate security levels and ip addressing. If your sub interfaces have the same security levels than you will need to allow that.

      same-security-traffic permit inter-interface

      This command will allow your sub-interfaces to pass traffic to each other. No ACL is required if this command is in place and all the interfaces have the same security level applied. If there is any ACL's they will be checked though.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)

      Comment


      • #4
        Re: Intervlan routing on ASA

        sorry for late reply and thanks alot for the information which you have provide me if I get any problem I will certainly share it with this helpful forum.

        Comment


        • #5
          Re: Intervlan routing on ASA

          I did help you below. All you need to do is create your sub interfaces on the ASA for the particular vlans. Give the sub interfaces security levels, ip address, vlan assignment etc.

          If your using a switch then create a dot1q trunk from your switch to the ASA. Put your clients in their perspective vlan on the switch etc...

          If you get lost check out the configuration guide for your model ASA.

          As I said previously anything from a higher security interface to a lower is allowed by default. Everything from a lower security interface to a higher is blocked.
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)

          Comment

          Working...
          X