I'm having issues setting up an ASA 5510 and integrating it into our VLAN-based network.
I have a trunk port to one of the ASA's Ethernet ports, and on the ASA I created a number of sub-interfaces on that Ethernet port.
I have set up a number of new VLANs that are for hosts that sit behind the ASA. The VLANs have been set on the network so any of our layer 3 switches can have a port set into one of the new VLANs and be behind the firewall.
My problem is I cannot ping the sub-interface on the ASA (10.90.2.254) from any host on the network, or even from a host on the same VLAN and subnet.
If I create a VLAN interface on the core switch I can then ping it, but any host put in that VLAN is not behind the firewall and is just doing normal inter-VLAN routing.
Have I missed something? Can the ASA do this?
Below is how I have set my interfaces. All my interfaces have a security-level of 50 and I have enabled both same-security-traffic permit inter-interface and same-security-traffic permit intra-interface.
no ip address
description protected hosts
ip address 10.90.2.254 255.255.255.0