Two VLANs, one gets out but not the other

  • 7 January 2014
  • 2 replies

Userlevel 4
Create Date: Aug 2 2013 6:02PM

Hey guys,
I'm struggling with setting up a simple topology and feeling pretty dumb. Basically I want to have two VLANs: (Default) and (otherOffice), all sitting behind my ASA. The address of my ASA is

I have a x440-8t and want to split the VLAN/port assignment down the middle.

My first VLAN gets out no problem. The other VLAN can't reach the ASA. Here's the excerpts from my config below; what am I missing?


# Module vlan configuration.
configure vr VR-Default delete ports 1-12
configure vr VR-Default add ports 1-12
configure vlan Default delete ports 5-8
create vlan "otherOffice"
configure vlan otherOffice tag 150
configure vlan Default add ports 1-4, 9-12 untagged
configure vlan otherOffice add ports 5-8 untagged
configure vlan Default ipaddress
enable ipforwarding vlan Default
configure vlan otherOffice ipaddress
enable ipforwarding vlan otherOffice

# Module rtmgr configuration.
configure iproute add default
(from RedHelix)

2 replies

Userlevel 4
Create Date: Aug 2 2013 7:18PM

On your ASA, can you show us the routing table? (from Jeremy_Homan)
Userlevel 4
Create Date: Sep 7 2013 2:23AM

Most probably the other VLAN is reaching the ASA correctly but the ASA does not have a route back to it and is sending the response to its default gateway.

You should check if there's an entry for in the ASA routing table with a next hop of If not, add it. (from Daniel_Flouret)