4 Replies Latest reply: Mar 23, 2012 2:48 PM by joseph_rb

    ASA 5520 and Cat 2960 - VLAN Routing

    joseph_rb

      I want to create multiple VLANs on the ASA for computers, printers and wireless devices. I want them all to be able to talk to each other.

      I thought I was doing it all correctly, but that is not the case.

      I can't ping the VLAN interface on the ASA from the Switch.

      All the interfaces are up and I set the trunk port, what am I missing?

      Below are the config files of the ASA and switch.

       

       

      ASA

       

      : Saved
      :
      ASA Version 8.2(5)
      !
      hostname HQ-ASA-5520

      !
      interface GigabitEthernet0/0
      nameif outsideWAN
      security-level 0
      ip address 208.82.X.X 255.255.255.252
      !
      interface GigabitEthernet0/1
      nameif insideLAN
      security-level 100
      ip address 192.168.1.1 255.255.255.0
      !
      interface GigabitEthernet0/1.10
      vlan 10
      nameif inside_10
      security-level 100
      ip address 192.168.10.1 255.255.255.0
      !
      interface GigabitEthernet0/2
      no nameif
      no security-level
      no ip address
      !
      interface GigabitEthernet0/3
      no nameif
      no security-level
      no ip address
      !
      interface Management0/0
      nameif management
      security-level 100
      ip address 192.168.254.1 255.255.255.0
      management-only
      !
      ftp mode passive
      clock timezone EST -5
      clock summer-time EDT recurring
      same-security-traffic permit inter-interface
      same-security-traffic permit intra-interface
      access-list insideLAN_access_in extended permit ip any any
      access-list inside10_access_in extended permit ip any any
      access-list inside01_access_in extended permit ip any any
      access-list insideLAN_access_in_1 extended permit ip any any
      access-list outsideWAN_access_in extended permit ip any any
      access-list inside_10_access_in extended permit ip any any
      pager lines 24
      logging asdm informational
      mtu outsideWAN 1500
      mtu insideLAN 1500
      mtu inside_10 1500
      mtu management 1500
      no failover
      icmp unreachable rate-limit 1 burst-size 1
      no asdm history enable
      arp timeout 14400
      nat-control
      global (outsideWAN) 1 interface
      global (insideLAN) 2 interface
      global (wireless) 3 interface
      nat (insideLAN) 0 access-list insideLAN_nat0_outbound
      nat (insideLAN) 1 0.0.0.0 0.0.0.0
      nat (wireless) 1 0.0.0.0 0.0.0.0
      nat (inside_10) 1 0.0.0.0 0.0.0.0
      !
      access-group outsideWAN_access_in in interface outsideWAN
      access-group insideLAN_access_in_1 in interface insideLAN
      access-group wireless_access_in in interface wireless
      access-group inside_10_access_in in interface inside_10
      route outsideWAN 0.0.0.0 0.0.0.0 208.82.X.X 1
      route insideLAN 192.168.1.0 255.255.255.0 192.168.1.1 1
      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
      timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
      timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
      timeout tcp-proxy-reassembly 0:01:00
      timeout floating-conn 0:00:00
      dynamic-access-policy-record DfltAccessPolicy
      http server enable
      http 192.168.254.0 255.255.255.0 management
      http 192.168.1.0 255.255.255.0 insideLAN
      no snmp-server location
      no snmp-server contact
      snmp-server enable traps snmp authentication linkup linkdown coldstart
      !

      lifetime 86400
      telnet 192.168.1.0 255.255.255.0 insideLAN
      telnet timeout 5
      ssh timeout 5
      console timeout 0

      !
      dhcpd address 192.168.254.10-192.168.254.20 management
      dhcpd enable management
      !
      threat-detection basic-threat
      threat-detection statistics access-list
      no threat-detection statistics tcp-intercept

      !
      !
      !
      policy-map type inspect dns preset_dns_map
      parameters
        message-length maximum client auto
        message-length maximum 512
      !
      prompt hostname context
      no call-home reporting anonymous

      : end

       

      no asdm history enable

       

      and the Switch

       

      Building configuration...

      Current configuration : 2462 bytes
      !
      version 12.2
      no service pad
      service timestamps debug uptime
      service timestamps log uptime
      no service password-encryption
      !
      hostname HQ-SW-2960
      !
      enable secret 5
      !
      no aaa new-model
      ip subnet-zero
      !
      !
      !
      !
      no file verify auto
      !
      spanning-tree mode pvst
      spanning-tree extend system-id
      spanning-tree uplinkfast
      !
      vlan internal allocation policy ascending
      !
      interface FastEthernet0/1
      switchport trunk allowed vlan 1,10
      switchport mode trunk
      !
      interface FastEthernet0/2
      !
      interface FastEthernet0/3
      !
      interface FastEthernet0/4
      !
      interface FastEthernet0/5
      !
      interface FastEthernet0/6
      !
      interface FastEthernet0/7
      !
      interface FastEthernet0/8
      !
      interface FastEthernet0/9
      !
      interface FastEthernet0/10
      !
      interface FastEthernet0/11
      !
      interface FastEthernet0/12
      !
      interface FastEthernet0/13
      !
      interface FastEthernet0/14
      !
      interface FastEthernet0/15
      !
      interface FastEthernet0/16
      !
      interface FastEthernet0/17
      !
      interface FastEthernet0/18
      !
      interface FastEthernet0/19
      !
      interface FastEthernet0/20
      !
      interface FastEthernet0/21
      !
      interface FastEthernet0/22
      !
      interface FastEthernet0/23
      !
      interface FastEthernet0/24
      !
      interface FastEthernet0/25
      !
      interface FastEthernet0/26
      !
      interface FastEthernet0/27
      !
      interface FastEthernet0/28
      !
      interface FastEthernet0/29
      !
      interface FastEthernet0/30
      !
      interface FastEthernet0/31
      !
      interface FastEthernet0/32
      !
      interface FastEthernet0/33
      !
      interface FastEthernet0/34
      !
      interface FastEthernet0/35
      !
      interface FastEthernet0/36
      !
      interface FastEthernet0/37
      !
      interface FastEthernet0/38
      !
      interface FastEthernet0/39
      !
      interface FastEthernet0/40
      !
      interface FastEthernet0/41
      !
      interface FastEthernet0/42
      !
      interface FastEthernet0/43
      !
      interface FastEthernet0/44
      !
      interface FastEthernet0/45
      !
      interface FastEthernet0/46
      !
      interface FastEthernet0/47
      !
      interface FastEthernet0/48
      !
      interface GigabitEthernet0/1
      !
      interface GigabitEthernet0/2
      !
      interface Vlan1
      ip address 192.168.1.2 255.255.255.0
      no ip route-cache
      !
      interface Vlan10
      no ip address
      no ip route-cache
      !
      ip default-gateway 192.168.1.1
      ip http server
      !
      control-plane
      !
      !

      !
      end

       

       

      and the switch command

      sho int f0/1 trunk

       

       

      Port        Mode         Encapsulation  Status        Native vlan
      Fa0/1       on           802.1q         trunking      1

      Port        Vlans allowed on trunk
      Fa0/1       1,10

      Port        Vlans allowed and active in management domain
      Fa0/1       1,10

      Port        Vlans in spanning tree forwarding state and not pruned
      Fa0/1       1,10

       


      and the switch command

      sho ip int bri

       

      Interface              IP-Address      OK? Method Status                Protocol
      Vlan1                  192.168.1.2     YES manual up                    up
      Vlan10                 unassigned      YES manual up                    up
      FastEthernet0/1        unassigned      YES unset  up                    up
      FastEthernet0/2        unassigned      YES unset  up                    up
      FastEthernet0/3        unassigned      YES unset  up                    up