General discussion

Locked

ASA 5510 Two Internal Interface Configuration

By ksecer ·
Hi,
I want to configure ASA 5510 such that
Eth 0/0 , IP : 192.168.2.1 Security Level:100
Eth 0/1 , IP : 192.168.3.1 Security Level:100
Eth 0/2 , IP : 212.175.x.x Security Level:0

Eth0/0 is inside1
Eth0/1 is inside2
Eth0/3 is outside

i want to perform that two inside interface clients can communicate each other , and access to internet via outside.

firstly,
I checked "Enable Traffic Between Same Security Level Interfaces" , and inside1 and inside2 communicate each other.
than, i added PAT for these networks can access to internet , after that inside1 and inside2 can access to internet ,but cann't communicate each other. I want that inside1 and inside2 can communicate each other and can access to internet too.

there is any suggestion? Pls help me.
thansk.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Not sure if you fixed this, but...

by jimbobmcgee In reply to ASA 5510 Two Internal Int ...

...do you have any nat 0 settings for your interfaces?

I found that, when I enabled same-security-interface, I needed to prevent NAT'ing from occurring for traffic leaving eth0/0's subnet going to eth0/1's subnet:

same-security-traffic permit inter-interface

access-list inside1_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside2_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

global (outside) 10 interface
nat (inside1) 0 access-list inside1_nat0_outbound
nat (inside1) 10 0.0.0.0 0.0.0.0
nat (inside2) 0 access-list inside2_nat0_outbound
nat (inside2) 10 0.0.0.0 0.0.0.0

Back to Networks Forum
1 total post (Page 1 of 1)  

Hardware Forums