asa 5510

[cavallo]

Qualcuno sa dirmi per quale motivo configurando una vlan sulla interfaccia Ethernet0/0 o Ethernet0/1 o Ethernet0/2 non riesco a raggiungere l'inerfaccia neache pingando l'indirizzo ip?, mentre se configuro l'interfaccia direttamente riesco anche a pingarla?

[Wizard]

Tu hai configurato una sub-interface ad esempio sulla interfaccia fisica inside?
Devi avere dietro al asa uno switch che supporti vlan...su cui appunto configuri anche la vlan appena creata

[cavallo]

Tu hai configurato una sub-interface ad esempio sulla interfaccia fisica inside?
Devi avere dietro al asa uno switch che supporti vlan...su cui appunto configuri anche la vlan appena creata

ho un catalyst3560 ho configurato una vlan con stessa classe di rete ma niente la vlan dell'asa non la vedo.

[Wizard]

Facci vedere la config di entrambi gli apparati

[cavallo]

Facci vedere la config di entrambi gli apparati

questo è lo switch

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch1
!
enable secret 5 $1$.vu9$f7oTovyNCgd5AFoTNJbWr1
!
no aaa new-model
udld aggressive

ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 26 32 46 46 56
!
!
macro global description cisco-global
errdisable recovery cause link-flap
errdisable recovery interval 60
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/15
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/17
!
interface FastEthernet0/18
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/19
!
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/21
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.230 255.0.0.0 secondary
!
interface Vlan2
ip address 10.10.10.230 255.0.0.0 secondary
!
interface Vlan3
ip address 172.1.146.6 255.255.255.0 secondary
!
interface Vlan4
ip address 192.168.10.230 255.255.255.0
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end


questo è l'asa5510

: Saved
:
ASA Version 7.2(1)
!
hostname ciscoasa5510
domain-name default.domain.invalid
enable password lpW.MGeEHg0ISQZq encrypted
names
dns-guard
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
no nameif
security-level 100
no ip address
!
interface Ethernet0/1.1
vlan 1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa721-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu management 1500
mtu inside 1500
icmp permit 192.168.1.0 255.255.255.0 management
icmp permit 192.168.10.0 255.255.255.0 inside
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.10.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 management
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:646e778f2f73e889fa6b19edfbfb6923
: end

[Wizard]

Il problema mi sa sullo switch non sul firewall...

[cavallo]

Non sei stato molto chiaro......

non riesco a capire dove si il problema.

[Wizard]

Sullo switch dove sono le righe di configurazione che indicano che certe porte fisiche sono trunkate sulla porta inside del asa x arrivare alla vlan 1?

[cavallo]

e quindi?

Ho gia provato a togliere tutte le configurazioni sulle fastethernet dello switch ma il risultato è lo stesso.

Devo utilizzare uno switchport diverso?