Nat – Cisco ASA 5505 – InterVLAN NAT Exemptions Implementation not working


Short version is we cannot communicate between our subnets.

We have a Cisco ASA 5505 we are using for our network router. We have a Netgear L2 switch behind that with 10 VLANs. Each VLAN is on its own subnet (10.0.10.x/24, 10.0.11.x/24, etc.).

So ASA >>> Switch >>> Hosts

We have PAT for each subnet to our outside interface. Each subnet NATs out properly.

I have NAT exemption enabled for 2 of the subnets (eventually I will need all, but am just testing at the moment).

Config is here: http://pastebin.com/pDsG7hsh

I have tried multiple ways for the NAT exemption to allow all traffic from our inside VLANs. At this point in time I am trying to get "Engineering" to communicate with all hosts on "AuthUser".

I can ping some hosts, but not as many as if I am directly on the interface. I can reach a port 80 service, but not 443. I cannot access anything via hostname or NetBIOS.

What am I missing to allow higher security level interfaces to fully communicate with lower security level interfaces?

Thx!
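An added example, not taken from the question's pastebin config, of the pieces an inter-VLAN NAT exemption normally consists of on an ASA, written in 8.3+ identity-NAT syntax. The interface names Engineering and AuthUser and the 10.0.10.0/24 and 10.0.11.0/24 subnets come from the question; the VLAN numbers, which subnet belongs to which VLAN, and the security levels are assumptions.

```cisco
! Assumed ASA 8.3+ syntax. VLAN ids, subnet-to-VLAN mapping and
! security levels below are assumptions, not the poster's values.
interface Vlan10
 nameif Engineering
 security-level 80
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan11
 nameif AuthUser
 security-level 50
 ip address 10.0.11.1 255.255.255.0
!
! Network objects for the two VLAN subnets. The auto (object) NAT line
! is the existing outbound PAT; it only matches when the egress
! interface is outside, so it does not touch inter-VLAN traffic.
object network ENG_NET
 subnet 10.0.10.0 255.255.255.0
 nat (Engineering,outside) dynamic interface
object network AUTH_NET
 subnet 10.0.11.0 255.255.255.0
 nat (AuthUser,outside) dynamic interface
!
! Identity (exemption) NAT between the two VLANs, one rule per direction,
! so hosts keep their real addresses in both directions. Twice NAT rules
! are evaluated before the object NAT (PAT) rules above.
nat (Engineering,AuthUser) source static ENG_NET ENG_NET destination static AUTH_NET AUTH_NET
nat (AuthUser,Engineering) source static AUTH_NET AUTH_NET destination static ENG_NET ENG_NET
!
! Traffic from the higher security level (Engineering) to the lower one
! (AuthUser) is permitted without an ACL, but ICMP echo replies are only
! allowed back statefully when ICMP inspection is enabled.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Only required if two VLAN interfaces are given the same security level.
same-security-traffic permit inter-interface
```

After applying the rules, `show nat detail` and `packet-tracer input Engineering tcp 10.0.10.10 12345 10.0.11.10 443` show which NAT rule and ACL a flow hits, which separates an ASA drop from a host-side firewall blocking 443.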

Best Answer

Have a look at Cisco ASA 5540_outside to inside traffic NAT and Cisco ASA 5505 Voice/Data VLANs not pinging/routing; I think this should solve your connection and ACL question.

Why do you want to use NetBIOS name resolution instead of DNS?