Router with 2 ethernet ports

Mar 19th, 2007

Dear All,


I have Cisco 1841 Router with e ports - fa0/0 and 0/1.

0/0 is configured for vlan trunking and 4 subnets are configured.

default gateway for router is inside IP of Pix 506 e 6.3(4).

The IP details are below.

Fa0/0 - 192.168.165.91

0.1 - 192.168.20.1

0.2 - 192.168.30.1

0.3 - 192.168.40.1

fa0/1 - 192.168.60.1 connected to ASA

default gateway - 192.168.165.1


Inter-vlan routing is working fine and hosts are able to ping e/o but not to 192.168.165.1.


I have to give all PC under vlans access to internet.


Now I want to use fa0/1 to access internet from all vlans.

But I'm unable to ping from fa0/1 to ASA's IP.


Any help on this.


Many Thanks,

Siddhartha






Amit Singh Mon, 03/19/2007 - 03:44
User Badges:
  • Cisco Employee,

Siddhartha,


Please paste a network diagram. Where is pix506 connected? ASA is connected to FA0/1; what is the inside IP address of the ASA interfaces?


Do you have static routes configured on ASA for the vlan traffic on the ASA? You have to configure reverse routes on ASA, i.e.


route inside


Do it for all the vlans and also configure the ACL to allow the ICMP traffic from ASA to the respective vlans.


-amit singh

sid916207 Mon, 03/19/2007 - 04:13

Hi Amit,

Thanks for reply. The complete network diagram is below.

VLANs--->Router(Inside192.168.165.91)--default gateway-> Pix1(same subnet.1) --> outside (public IP)


Router port fa0/1(192.168.60.2)-->ASA Gig0/2( 192.168.60.1) ASA 0/0 - Public IP.


Router is being used for Intervlan routing with RIP configured for all VLAN subnet and 192.168.165.0 subnet.


I want to use the fa0/1 on router to access Internet from VLANs.


Default route in VLan router is pointing to Pix (.1).


Can you please tell the configuration commands?

I'm also online on skype - sid_lochan


Many thanks,

Siddhartha


flashsplash Mon, 03/19/2007 - 03:57

First of all, would u explain what ASA is pls.


Second, ur saying that trunking is working.

If ur Ethernet ports are 100mb then it's OK, but if they are 10 mb I'm amazed that the trunk is working cause the trunk must be at least 100mb.


Third, I see that ur using 192.168.165.1 and 192.168.20.91

My question is in what vlan are the sub int 0.1, 0.2 and 0.3, cause their default-gateway needs to be in the same subnet.


Looking at ur config, the sub int need to use the address 192.168.165.91


ciao flash...


ps: paste ur conf if possible pls


Amit Singh Mon, 03/19/2007 - 04:32
User Badges:
  • Cisco Employee,

Siddhartha,


Do you still want PIX or not in the picture?


If you want all the vlan traffic to be routed via ASA for internet, then point the default route on the router to the ASA IP. On ASA configure the reverse static routes as mentioned in my previous posts. Once that's done then you will be OK to access the internet via ASA.


Let me know if you have more questions.


-amit singh

sid916207 Mon, 03/19/2007 - 04:53

Hi Amit,


I get a "route already connected" error on ASA when configuring the route.


Only one default route is configured on ASA - 0.0.0.0 0.0.0.0 outside (public ip)


It's not letting me insert any route.


Any suggestions?

Thanks,

Siddhartha

ciscobuddy Fri, 04/20/2007 - 12:55

Hi Sid,


I am doing the same config at my customer's place. For vlan config the customer requirement is 2 routers (1841). I hv configured vlan but am not able to connect the 2 routers back to back. HSRP is enabled, I can't ping router to router.


Any suggestions?


Thanks

pstebner1 Fri, 04/20/2007 - 13:52

Sid-

I am very confused with your config. You say that FA0/1 is 192.168.60.1 and is connected to your ASA, but in the config the IP address of FA0/1 is 172.16.15.2. Also, the access lists that you have applied to FA0/1 preclude anything from coming to or from 192.168.60.1, wherever that is - it's only allowing UDP from the host 192.168.60.2.

Also, what is the config on your ASA? Perhaps you have ICMP not being allowed on the inside interface?

I'm also confused as to why you are running RIP and also have static routes for the same networks.

Perhaps a diagram might be useful so that we can see what you are trying to achieve.


HTH,

Paul
