Cisco ASA 5505 - InterVLAN NAT Exemptions Implementation not working
Posted by Brandon Bearden on Server Fault, published 2012-12-04T23:14:32Z
Short version is we cannot communicate between our subnets.
We have a Cisco ASA 5505 we are using for our network router. We have a Netgear L3 switch behind that with 10 VLANs. Each VLAN is on its own subnet (10.0.10.x/24, 10.0.11.x/24, etc.).
So ASA >>> Switch >>> Hosts
We have PAT for each subnet to our outside interface. Each subnet NATs out properly.
I have NAT exemption enabled for 2 of the subnets (eventually I will need all, but am just testing at the moment).
Config is here: http://pastebin.com/pDsG7hsh
I have tried multiple ways for the NAT exemption to allow all traffic from our inside VLANs. At this point in time I am trying to get "Engineering" to communicate with all hosts on "AuthUser".
I can ping some hosts, but not as many as if I am directly on the interface. I can reach a port 80 service, but not 443. I cannot access anything via hostname or NetBIOS.
What am I missing to allow higher security level interfaces to fully communicate with lower security level interfaces?
Thx!
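For reference, this is what a NAT exemption between two of the VLANs described above looks like on ASA software 8.3 and later (twice NAT with identity translation); it is an added example, not the poster's configuration from the pastebin link, and it assumes the interface names Engineering and AuthUser map to 10.0.10.0/24 and 10.0.11.0/24 respectively and that both are VLAN interfaces on the ASA itself.

```cisco
! Added example, not the original poster's config.
! Assumed mapping: Engineering = 10.0.10.0/24, AuthUser = 10.0.11.0/24.
object network ENGINEERING_NET
 subnet 10.0.10.0 255.255.255.0
object network AUTHUSER_NET
 subnet 10.0.11.0 255.255.255.0
!
! Per-subnet PAT to the outside interface (auto/object NAT, evaluated in section 2).
! These match only flows that egress "outside", so they do not translate inter-VLAN traffic.
object network ENGINEERING_NET
 nat (Engineering,outside) dynamic interface
object network AUTHUSER_NET
 nat (AuthUser,outside) dynamic interface
!
! Identity (exemption) rule for Engineering <-> AuthUser. Manual/twice NAT lands in
! section 1, so it is matched before any broader rule that could otherwise catch this
! traffic. A static twice-NAT rule is bidirectional, so one rule covers both directions.
! no-proxy-arp: the ASA must not answer ARP for the other VLAN's addresses.
! route-lookup: pick the egress interface from the routing table, not from the NAT rule.
nat (Engineering,AuthUser) source static ENGINEERING_NET ENGINEERING_NET destination static AUTHUSER_NET AUTHUSER_NET no-proxy-arp route-lookup
!
! Only needed if both interfaces are configured with the same security level; traffic
! between equal-level interfaces is otherwise dropped regardless of NAT.
same-security-traffic permit inter-interface
!
! Verification: list the rules with hit counts, then trace one flow (here the 443 case
! from the question) to see which NAT and access rules it matches and where it is dropped.
show nat detail
packet-tracer input Engineering tcp 10.0.10.10 12345 10.0.11.20 443
```

On pre-8.3 software the equivalent is `nat (Engineering) 0 access-list <acl>` with an ACL that permits 10.0.10.0/24 to 10.0.11.0/24; the `packet-tracer` check works the same way on either version.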