Hi Rene,
I’m a newbie in need of config help involving a Catalyst 4500x and an ASA5512X.
I will be managing a 4500x that is connected to my DataCenter provider’s ASA 5512x.
Here are the details:
All internal routing is done on the 4500x.
Inter-VLAN on the switch (VLAN 500, VLAN 69, VLAN xxx, VLAN xxy)
VLAN 500 - 4500x TE1/1/17 <==> ASA Ge0/1 (Primary) and 4500x TE2/1/17 <==> ASA Ge0/1 (Secondary).
-- 10.10.10.3/29
4500x config:
interface TenGigabitEthernet1/1/17
 switchport mode trunk
 switchport trunk allowed vlan 500
interface TenGigabitEthernet2/1/17
 switchport mode trunk
 switchport trunk allowed vlan 500
--VLAN 69 (192.168.69.2 /24)
interface TenGigabitEthernet1/1/4
 description Test Server
 switchport access vlan 69
 switchport mode access
 spanning-tree portfast
interface Vlan69
 ip address 192.168.69.2 255.255.255.0
interface Vlan500
 ip address 10.10.10.3 255.255.255.248
-- Default gateway 10.10.10.1
****************
--ASA 5512x config:
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.500
 vlan 500
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.248 standby 10.10.10.2
access-list inside_in extended permit ip 192.168.69.0 255.255.255.0 any
object network obj-192.168.69.0-24
 nat (inside,outside) dynamic interface
route inside 192.168.69.0 255.255.255.0 192.168.69.2 1
******************
My DC provider claims that everything is set up on their end for internet access; however, I am unable to connect to the outside from a server behind the 4500x.
From the 4500x, I can ping 10.10.10.1 and .2.
I can’t ping any public address.
No internet access from the server.
What’s missing or needs to change on either end? Is trunking on the ASA really necessary?
Please advise.
Thanks!