Routing between subinterfaces

 
 
crate (Guest), 11-19-2007

Good Day Everyone,

My scenario is as follows.

The setup involves

1 Catalyst 2950
1 Catalyst 3750G
1 ASA 5520

My objective is to configure two additional subnets using ASA
subinterfaces as the VLAN gateways.

For this question we will use on the ASA 5520
one interface for server interaction
one interface for all user interaction.

Core Switch Catalyst 3750G

Current VLAN configuration

VLAN 1 Server interface 0/0
VLAN 10 clients interface 0/1

These VLANs are spread on both switches and communicate well.

So now, I created two additional VLANs on the core switch,
VLAN 20 clients2
VLAN 30 clients3
Using the Catalyst 2950, I assigned two computers to vlan 20 and 30
respectively.

I configured the trunk on the 2950 interface as follows

interface FastEthernet0/20
switchport trunk native vlan 10
switchport trunk allowed vlan 20,30
switchport mode trunk
end

and its connecting interface on the 3750G configured as

interface GigabitEthernet1/0/30
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 20,30
switchport mode trunk
end

The switch interface to ASA is configured as follows
interface GigabitEthernet1/0/40
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
end

So after configuring this I configured the ASA interfaces as follows:

interface GigabitEthernet0/1
nameif clients
security-level 80
ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2

interface GigabitEthernet0/1.20
vlan 20
nameif clients2
security-level 80
ip address 172.16.20.1 255.255.255.0 standby 172.16.20.2

interface GigabitEthernet0/1.30
vlan 30
nameif clients3
security-level 80
ip address 172.16.30.1 255.255.255.0 standby 172.16.30.2

Then I typed the command
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

The clients setup 172.168.10.3, 20.3, 30.3 were all able to ping their
respective gateways.

So now to ping the server interface, the following was added using
a static NAT rule with ASDM 5.2 (I'm still learning CLI for ASA, so
please excuse me).
I'll do the printout on ASA. (sh nat servers/clients/...2/...3)

Servers
match ip servers 172.16.1.0 255.255.255.0 clients any static
translation to 172.16.1.0
match ip servers 172.16.1.0 255.255.255.0 clients2 any static
translation to 172.16.1.0
match ip servers 172.16.1.0 255.255.255.0 clients3 any static
translation to 172.16.1.0

Clients
match ip clients 172.16.10.0 255.255.255.0 servers any static
translation to 172.16.10.0 (this is my entry)
match ip clients 172.16.10.0 255.255.255.0 clients any dynamic
translation to pool 10 (No matching global)(this is not mine but would
like to know how)
match ip clients 172.16.10.0 255.255.255.0 clients2 any dynamic
translation to pool 10 (No matching global)(this is not mine but would
like to know how)
match ip clients 172.16.10.0 255.255.255.0 clients3 any dynamic
translation to pool 10 (No matching global)(this is not mine but would
like to know how)

Plus there are other rules there that should only be there for the
clients but the same is there for all the other nameif regarding PATs.

Clients2
match ip clients2 172.16.20.0 255.255.255.0 servers any static
translation to 172.16.20.0

clients3
match ip clients3 172.16.30.0 255.255.255.0 servers any static
translation to 172.16.30.0

So after adding this in ASDM they can ping the server network.

The problem now exists that they cannot ping each other on the same
interface. Can anyone shed some light now?
Question as well: with the commands
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface, would I have to
configure rules for them to talk to each other provided the first
issue is resolved?
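
Added example (not part of the original post, and not the poster's or Cisco's code): a small Python parser for the "sh nat" lines pasted above that tabulates which pairs of interfaces have no usable translation entry in that listing. The sample text is the post's output unwrapped to one rule per line; the function names are hypothetical, and the result only reflects the lines shown, since the post says other rules exist that were not pasted.

```python
import re
from itertools import permutations

# Constructed sample: the "sh nat" lines from the post, unwrapped to one rule
# per line, with the poster's own annotations removed.
SHOW_NAT = """\
match ip servers 172.16.1.0 255.255.255.0 clients any static translation to 172.16.1.0
match ip servers 172.16.1.0 255.255.255.0 clients2 any static translation to 172.16.1.0
match ip servers 172.16.1.0 255.255.255.0 clients3 any static translation to 172.16.1.0
match ip clients 172.16.10.0 255.255.255.0 servers any static translation to 172.16.10.0
match ip clients 172.16.10.0 255.255.255.0 clients any dynamic translation to pool 10 (No matching global)
match ip clients 172.16.10.0 255.255.255.0 clients2 any dynamic translation to pool 10 (No matching global)
match ip clients 172.16.10.0 255.255.255.0 clients3 any dynamic translation to pool 10 (No matching global)
match ip clients2 172.16.20.0 255.255.255.0 servers any static translation to 172.16.20.0
match ip clients3 172.16.30.0 255.255.255.0 servers any static translation to 172.16.30.0
"""

# One rule: source nameif, network, mask, destination nameif, type, target.
RULE = re.compile(
    r"match ip (?P<src>\S+) (?P<net>\S+) (?P<mask>\S+) (?P<dst>\S+) any "
    r"(?P<kind>static|dynamic) translation to (?P<target>.+)")

def parse_rules(text):
    """Map (src_if, dst_if) -> (kind, has_global) for every 'match ip' line."""
    rules = {}
    for line in text.splitlines():
        m = RULE.search(line)
        if m:
            has_global = "No matching global" not in m["target"]
            rules[(m["src"], m["dst"])] = (m["kind"], has_global)
    return rules

def unusable_pairs(rules):
    """Ordered pairs of distinct interfaces lacking a usable entry in the listing."""
    names = sorted({name for pair in rules for name in pair})
    report = {}
    for pair in permutations(names, 2):
        if pair not in rules:
            report[pair] = "not listed"
        elif not rules[pair][1]:
            report[pair] = "dynamic, no matching global"
    return report

if __name__ == "__main__":
    for (src, dst), why in unusable_pairs(parse_rules(SHOW_NAT)).items():
        print(f"{src} -> {dst}: {why}")
```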