Two VLANs, one gets out but not the other

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered
Create Date: Aug 2 2013 6:02PM

Hey guys,
I'm struggling with setting up a simple topology and feeling pretty dumb. Basically I want to have two VLANs: 172.16.6.2/25 (Default) and 172.16.6.129/25 (otherOffice), all sitting behind my ASA. The address of my ASA is 172.16.6.1.

I have a x440-8t and want to split the VLAN/port assignment down the middle.

My first VLAN gets out no problem. The other VLAN can't reach the ASA. Here's the excerpts from my config below; what am I missing?

Thanks!


#
# Module vlan configuration.
#
configure vr VR-Default delete ports 1-12
configure vr VR-Default add ports 1-12
configure vlan Default delete ports 5-8
create vlan "otherOffice"
configure vlan otherOffice tag 150
configure vlan Default add ports 1-4, 9-12 untagged
configure vlan otherOffice add ports 5-8 untagged
configure vlan Default ipaddress 172.16.6.2 255.255.255.128
enable ipforwarding vlan Default
configure vlan otherOffice ipaddress 172.16.6.129 255.255.255.128
enable ipforwarding vlan otherOffice

# Module rtmgr configuration.
#
configure iproute add default 172.16.6.1
(from RedHelix)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Aug 2 2013 7:18PM

On your ASA, can you show us the routing table?

(from Jeremy_Homan)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Sep 7 2013 2:23AM

Most probably the other VLAN is reaching the ASA correctly but the ASA does not have a route back to it and is sending the response to its default gateway.

You should check if there's an entry for 172.16.6.128/25 in the ASA routing table with a next hop of 172.16.6.2. If not, add it.

(from Daniel_Flouret)

This conversation is no longer open for comments or replies.