Cisco Switching/Routing :: ASA 5505 - Port 80 Route Between Vlans
Apr 14, 2013
I have 2 Vlans with seperate networks and want to create a route between one server in vlan 465 to another server in vlan 436 via port 80.Vlan 465 has a ASA 5505 inside that IP address 89.254.12.35 will be initiating the connection to address 10.200.1.213.
-Vlan 465: server address 10.200.1.213
-Vlan 436: server address 89.254.12.35
However for extended security I would like to restrict the firewall opening to an IP to IP opening.
View 7 Replies
ADVERTISEMENT
Apr 28, 2012
How can i route internal VLANs on a 3750X , my current network its small ( about 8 -10 subnets) so i dont wnat to add overhead using maybe dynamic protocol , My scenario is my stack of 3750X ( 2 switches) will be my CORE SW, i will have 2 stack more (2960S - 4 switches ) and it will connect to the 3750X with a trunk port etherchannel each link connected to a different switch, ( i was planning to use a L3 routing in the 3750X but not sure how it will works )
My core SW 3750X it will be connect with a firewall for aVPN , by a Layer 3 interface (using a static or dynamic protocol)
View 2 Replies
View Related
May 30, 2011
I have ASA 5505 Firewall with security plus license, I configured two V LAN 1 and V LAN 5 as my inside V LAN for different sub net, i need to route the traffic between this two V LAN's through ASA. I configured
int vlan 1
nameif inside
Security level 100
Ip address 172.16.100.1 255.255.255.0
[Code] .........
The problem is i am not able to ping other sub net, for ex my PC is in V LAN 1 not able to ping 192.168.22.1 ... For troubleshoot i type debug icmp trace while pinging other subnet
ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4608 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4864 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5120 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5376 len=32
I turn off the firewall on my local machine.
View 10 Replies
View Related
Feb 12, 2012
i want to create a trunk between 4507 & 3945E router & route two vlans from router 3945E
4507# vlan 99 & 51
# int vlan 99
# ip add 10.22.100.1/24
#int vlan 51
# ip add 10.22.103.1/24
[code].....
4507 version : IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)
3945E: 15.1(2)T4 what I am missing?
View 3 Replies
View Related
Jun 5, 2013
I'm fairly new to Cisco products am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a V LAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until i applied an access-list to the router port. It's a simple ACL i'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port i cannot telnet to the port. However, if i connect a device to one of the switch ports, i am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
View 2 Replies
View Related
Jul 30, 2012
We have two sites: 192.168.100.x and 192.168.101.x currently connected via IPsec VPN. On each end we have a Cisco ASA 5505. However, each site also has an MPLS VPN with intentions to move all traffic to this link. Will this work on the ASA? We need to make sure traffic can hit the ASA @ site A on the inside interface and trafiic will forward to the MPLS VPN router which then handles the traffic. Too, will it cause any problems in bi-directional flow between the two sites?
View 3 Replies
View Related
Dec 22, 2012
I have set up a scenario for a small business and have some questions about how to manage the access between the VLANs. Is there is a better / another way to do it. See the attached picture for the topology / info.
My question is:
My switches is set up with x numbers of VLANs and a routed port (no switch port) to the ASA for internet connectivity. How is the best (or only??) way to manage the access between the VLANs? Is it ACL's on the switch?
And by "managing access" I mean VLAN 50 (public WiFi) only have access to the internet, only management servers have access to management VLAN, Client VLAN only have RDP access to server VLAN and so on. Is there any way to do this in the ASA (or add another (gigabit) router to the topology)) or it the only way to have lots of ACL's on the switch itself? I have thought about "router on a stick", but then I imagine there will be a bottleneck between the switch and the ASA?
(Equipment is 2 x 3650G, ASA5505, AP1252 - see attached file).
View 3 Replies
View Related
Apr 25, 2013
We have a typicaly environment, access, distribution, core, all switches are 6500s.I have a lab environment where machines should not talk to each other, so I think private vlans would be good for this. The problem is that the access connects to the distribution with a 802.1q trunk, while the distribution connects to the core with an 802.1q trunk. See the attached image for reference.
In this case, I would configure the primary vlan (888) on the two access switches, as well as the isolated (886) and the community (887), and set the associations.
vlan 886
name Isolated_PVLAN
private-vlan isloated
vlan 887
name Community_PVLAN
private-vlan community
vlan 888
private-vlan primary
private-vlan association 886,887
exit
The host ports would be set as such.
interface g3/40
switchport mode private-vlan host
switchport private-vlan host-association 888 886
My question is where to I put the promiscuous port? Is it on the uplink between the access and distribution? And If I configure it as I have below, what about the other VLANs that are needed at the access switch? Do they still pass through the trunk as normal, even with the private-vlan configuration? Or would every other VLAN need to be configured as a secondary private-vlan on the promiscuous port?
interface g5/1
switchport mode private-vlan promiscuous
switchport private-vlan mapping 888 886,887
Also, would VLAN access-lists be a better method for controlling this traffic?
View 2 Replies
View Related
Mar 27, 2012
I have came across this topic, and I am wondering if this images can be uploaded to any 2900 series switches or not, and if this will work as access port for more than vlans. URL...
View 2 Replies
View Related
Nov 8, 2011
I'm trying to setup a port on a catalyst 3750 so it will pass traffic for 2 vlans. It connects to a (watchguard) firewall which I've configured with a primary IP (for vlan 27) and a secondary IP (for vlan 29).
However I can't seem to find the correct commands to enter on the cisco switch port (I've tried a variety).
FYI the current configuration is...
interface FastEthernet1/0/38
description ## Connection to WG vlan27 and vlan 29 ##
switchport trunk encapsulation dot1q
[Code].....
View 8 Replies
View Related
May 12, 2012
I got a Cisco 2800 router and am planning to use FastEthernet 0/1 to trunk in 802.11Q VLAN's to cater for some of our radio links. speed and operation of the sub-interface that will be created. Or explain it here. We got a radio link that we want to trunk into this Cisco 2800 and it is suppose to be connecting at 100Mbps but currently operating at around 80Mbps. Reports shows that the max in and out traffic for this link this year till today is 25Mbps. Will it not fail teh CPU etc ?
interface FastEthernet0/1
no ip address
!
[Code]....
View 11 Replies
View Related
Nov 13, 2012
Firewall: ASA 5510
Switch: Linksys SRW2048
Physical topology: PC - > VLAN99 - > SRW2048 - trunk - > ASA5510
Switch Setup:
I've been tasked with breaking up a network that has run out of IP's, and have decided to use VLANs to accomplish this. I have to use an ASA5510 to accomplish all the routing between hosts in different VLANs.Port 48 is trunked to the ASA eth0/0 interface, with VLAN 99 and VLAN 20 tagging packets, VLAN 1 Untagged. Hosts hooked up to appropriate ports on Switch.
View 2 Replies
View Related
Apr 11, 2012
I would like to configure a 3750 switch port to be able to use two vlans. I know you can do this with a voice and data vlan, but what about two data vlans ? Say I have two devices, one on a 10 subnet and the other on a 172 subnet, but i only have one wall jack for both devices to plug into. So I use a mini switch to connect both devices and connect the switch to the wall jack; and of course this all leads back to one switch port. When I go to enter the switchport access vlan 172 cmd, how would I also make it so the device on the 10 subnet could route out ?
View 9 Replies
View Related
Dec 4, 2012
I am a bit confused by the output of 'show run' and 'show run switch-profile' that pertains to a port-channel interface configured in a switch-profile. My main gaol is to find out how can I add/remove the allowed vlans the port-channel (configured as trunk) carries. The setup is like this. I have 2 N5k in vPC domain and Etherner1/11 on both switches is configured as trunk vPC that connects to a core switch. When I issue ‘show run’ for the port-channel and physical interface I get the following output. [code] From above it seems the switch-profile configuration is missing the 'switchport trunk allowed vlan' in the port-channel interface. If want I to remove vlan 30 from the allowed vlan, should I go under the switch-profile mode and remove vlan 30 from the allowed list even though the switch-profile configuration seems to be missing this.
View 2 Replies
View Related
May 30, 2013
We have a cisco 3750-48 port switch.We have a few SVI's configured and some static routes configured.I had created a new interface vlan and gave it an IP. I can ping the gateway.
Now I want to add a static route to go out that interface.when I add: ip route 10.x.x.x 255.255.255.0 10.52.10.1
it eccepts it (no errors) But, it does not show in the routing table nor in the config? How to add the static route to go out that vlan interface.
View 15 Replies
View Related
Dec 2, 2011
I'm running a couple of nexus 7000 to aggregate a building full of 3750Xs.In the past few weeks I have noticed that the vlans I added to the port-profile never got propagated.So I looked at port-profile sync information and here is what comes up: [code] Why the commands are getting cached?
View 3 Replies
View Related
Sep 25, 2011
I have a customer thats got a Linksys router now, that has a DMZ port.The DMZ port is configurede to it routes the extra public ip-adress to the DMZ port it has.At the DMZ port they have another router connected, where they routes the public ip-adresses på some other devices.How can i make this setup on a Cisco ASA 5505 (With the Security Plus licens)What i have to do is to replace the Linksys router, and make it so, so it works like it was before with the Linksys.
View 5 Replies
View Related
Jul 7, 2012
How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
View 4 Replies
View Related
Jul 25, 2011
I have purchased a subnet of 8 private IP addresses from my ISP. 109.x.x.128/29.The ISP has placed a juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the ip of fa0/1 set to .129.
I have linked a cisco 5505 to fa0/1 of the juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 address' to the internet.
Is it possible for the 5505 to route / map my remaing private IP addresses through its external port? I have tried creating a seperate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as VLAN for my external port is all ready configured within the same subnet.
View 2 Replies
View Related
May 10, 2012
Networking is not my gig, but it has to be at this very moment. We have an ASA 5505. Let me explain what's going on.
On Tuesday I wanted to be able to use the ASDM since there is less room for error. But we only had a console set up. So I ran the following commands...
in ($config)
http of course didn't do anything incomplete command
http 192.168.1.2 255.255.255.255 didn't anything incomplete command
http 192.168.200.254 255.255.255.255 inside
[Code]....
Everything started working after that. Everything worked fine all of wednesday and thursday. Then this morning it stopped processing again. When I traceroute it gets to the machine that is hooked up to the console and stops. So I'm guessing its actually getting to the ASA router and being swallowed up again...
View 23 Replies
View Related
Feb 19, 2013
I have a Cisco ASA 5505 with a fairly simple set up. Few VPN tunnels and only 3 open ports for applications. I have entered the following lines static (inside,outside) tcp interface 9002 10.0.3.230 9002 netmask 255.255.255.255 access-list outside_access_in extended permit tcp any interface outside eq 9002.I have done this before with zero issues. The other two ports are open, however, port 9002 will not be visable from the outside. The ASA says it is open, but if I go to a site like canyouseeme, it shows closed. I cannot connect to the application either.
View 3 Replies
View Related
Apr 29, 2013
I need to configure pop3 port to be open on my ASA 5505. I've created an acl and static route to do this but for some reason, it's not open.
View 1 Replies
View Related
Dec 5, 2012
I have an ASA 5505 and I have the three regular vlans, outside, inside and dmz. The best would be only have outside and inside and skip dmz, but without explenation there is not possible to have more then two clients in whats now dmz because of a mac filter on third party device.
So as security is concerned dmz and inside is equal, one to one and there should be full access between them. I ran the wizard and said that the only way traffic not should be possible to flow is from dmz to outside.
In the NAT rules the onle rule is
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
But traffic from one way or the other dmz to inside, og inside to dmz it says in log
3Dec 06 201215:38:39305006172.17.6.1053portmap translation creation failed for udp src inside:192.168.6.102/49358 dst dmz:172.17.6.10/53 From documentation I have an image with network drawing from documentation. What do I have to do allow traffic btween inside and dmz, both ways.
View 3 Replies
View Related
Jan 4, 2012
ASA 5505 vlans routing & access-list?
View 4 Replies
View Related
Feb 16, 2011
i am trying to get my router to change ports for certain tasks for eg FTP Port 21 i dont want to use 21 and telnet Port 23 i dont want to use 23 ,is there a way of routing ports so that i can get port 21 say to route to port 786 instead so i can ftp from port 786 and so and and so forth
View 3 Replies
View Related
May 30, 2012
I am unable to get traffic from any VLAN to communicate outside of the router, as well as get any traffic from outside of the router to communicate with any device on either VLAN. I am able to ping the router from each device on each VLAN, and vice versa. However, the traffic seems to die at the router, and I cannot figure out why. I know it's probably a small, easy fix, but I cannot seem to find any kind of documentation on it.
View 13 Replies
View Related
Feb 17, 2013
it is possible to route netbios broadcasts between VLANs using a RV180W. Presently i have the network configured with two vlans (one for each building). The RV180 operates as a DHCP server and internet gateway for VLAN 1 and a linksys product operates as the DHCP server and internet gateway for VLAN 2.With the addition of a static route between, we can ping freely between the VLANs, transfer files, etc. However, members of VLAN 2 must be addressed by IP in windows explorer by members of VLAN 1 and vice versa. I understand this is because Netbios broadcasts are not routed between the two vlans, precluding addressing computers by name. While this is not a critical problem, it would be "nice" if i could configure the RV180 to route only Netbios between the two (still hold other broadcasts such as DHCP). I understand this ispossible on higher-end cisco products through the use of IP-Helper addresses, but I cannot find any information on doing such on the RV180.
View 3 Replies
View Related
Jul 4, 2012
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies
View Related
Jan 23, 2013
I have the following config using a Cisco 1921. I am trying to get devices on the the native VLAN to get internet access via the gateway x.x.x.73.Any thing being routed from the other Vlans 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing.
The Xs replace the same 3 octets for each interface.I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those Vlans have another router on the other side of them, which I have also tried adding ip routes too, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
View 5 Replies
View Related
Mar 27, 2012
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
View 1 Replies
View Related
Feb 19, 2012
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
View 9 Replies
View Related
Jan 24, 2013
I am setting up a vm environment for a customer in my lab off site. I have two stacked 3750-x switches, a san, and threes UCS c220 M3S servers for hosts. I am trying to separate the lan traffic, san iscsi traffic, and san management traffic using vlans. The problem is i'm unable to communicate cross vlan with my current config, which I have attached to this post. The only noteworthy things in my conifg is that the ip route 0.0.0.0 0.0.0.0 192.168.83.6 is referring to a switch stack they have on site, that I will connect this stack to using the first two trunk ports on each switch, that I do not have here in the lab. I don't want to cause any confusion in why I have things set a certain way.
View 1 Replies
View Related
Feb 25, 2013
We have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
View 4 Replies
View Related
