Problem with ASA 5510 routing to the next Router Subnet

Aug 2nd, 2007

Hi,


I am having a problem accessing the clients' network through the ASA.


Here is my scenario.


----R0--------------ASA----------Internet


R0=fa0/0=10.1.1.2 to the ASA

R0=fa0/1=10.10.10.1 to the network A


ASA=e0/0=10.1.1.1 to Router R0


Now clients from the network on 10.10.10.0 can connect to the ASA up to the internet.

The ASA is the default Gateway for the network 10.10.10.0


However, I am having problems connecting to the clients' network 10.10.10.0 from the ASA.


I have created routes in the ASA to point to the 10.10.10.0 network but it still won't work.


Please, I am requesting assistance. How can I route the 10.1.1.0 network to the 10.10.10.0 network from the ASA?








Jon Marshall Thu, 08/02/2007 - 01:50

Hi


Are you sure the ASA is the default-gateway for network 10.10.10.0? Because according to your description the default-gateway for clients on the 10.10.10.x network should be the fa0/1 interface on your router, i.e. 10.10.10.1.


Can you post the routing table on the ASA and the router please.


Jon

cisco14@@ Thu, 08/02/2007 - 03:12

Hi Jon


Sorry, the ASA is the next hop for the 10.10.10.1, not the default gateway; that was a typo.


I have an ip route on the router R0 for the network 10.10.10.0 pointing to the ASA, so the network 10.10.10.0 can get to the network 10.1.1.0, but network 10.1.1.0, which the ASA is also part of, can't get to the clients' network 10.10.10.0.


I hope I am clear now.


==========================================================
ASA
====

WIA-000-OFW1# sh config

!
ASA Version 7.2(2)
!
hostname WIA-000-OFW1
domain-name wiatz.com
enable password xxx
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 81.x.x.2 255.255.255.0
ospf cost 10

interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
nameif testing
security-level 100
ip address 10.1.1.1. 255.255.255.0
ospf cost 10
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd xxx
banner login
ftp mode passive
clock timezone EAT 3
dns server-group DefaultDNS
domain-name wiatz.com
access-list testing_acl extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap errors
logging asdm debugging
mtu outside 1500
mtu offwia 1500
mtu testing 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 81.x.x.100-81.100.80.254 netmask 255.255.255.0
nat (testing) 1 0.0.0.0 0.0.0.0
access-group testing_acl in interface testing
route outside 0.0.0.0 0.0.x.x.100.80.1 1
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
http server enable
no snmp-server location
no snmp-server contact
linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
WIA-000-OFW1#


===========================================
Router
====

UNIVERSITY#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 41.221.49.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
C 10.10.10.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.1.1.1


Jon Marshall Thu, 08/02/2007 - 04:32

Hi


Can you change the following entry on your ASA


route testing 10.10.10.0 255.255.10.0 10.1.1.2 1


route testing 10.10.10.0 255.255.255.0 10.1.1.2


Jon
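
Added example, not part of any post in this thread: the mask 255.255.10.0 in the original route line is not a contiguous netmask, and a check like the following catches that kind of typo before a config is applied. The function names (`mask_is_contiguous`, `check_route`, `audit`) are hypothetical, and the parser assumes the simple `route <nameif> <network> <mask> <next-hop>` line form shown in the posted config.

```python
import contextlib
import ipaddress

# Constructed sample: lines taken from the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/3
 nameif testing
 ip address 10.1.1.1 255.255.255.0
route outside 0.0.0.0 0.0.x.x.100.80.1 1
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
route testing 10.10.10.0 255.255.255.0 10.1.1.2
"""

def mask_is_contiguous(mask):
    """True if the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def check_route(words, interfaces):
    """Return a problem description for one 'route' line, or None if it is sane."""
    ifname, dest, mask, gateway = words[1:5]
    try:
        if not mask_is_contiguous(mask):
            return f"non-contiguous netmask {mask}"
        if int(ipaddress.IPv4Address(dest)) & ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF:
            return f"{dest} has host bits set for mask {mask}"
        if ifname in interfaces and ipaddress.ip_address(gateway) not in interfaces[ifname]:
            return f"next hop {gateway} is not on the {ifname} subnet"
    except ValueError:
        return "unparseable address or mask (redacted?)"
    return None

def audit(config):
    """Map each 'route' line of an ASA-style config to its problem (or None)."""
    interfaces, nameif, findings = {}, None, {}
    for line in config.splitlines():
        words = line.split() or [""]
        if words[0] in ("interface", "nameif"):  # a new stanza clears the name
            nameif = words[-1] if words[0] == "nameif" else None
        elif words[:2] == ["ip", "address"] and nameif and len(words) >= 4:
            with contextlib.suppress(ValueError):  # unreadable address: skip next-hop check
                interfaces[nameif] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[0] == "route" and len(words) >= 5:
            findings[line.strip()] = check_route(words, interfaces)
    return findings

if __name__ == "__main__":
    for line, problem in audit(SAMPLE_CONFIG).items():
        print(f"{problem or 'ok'}: {line}")
```
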

cisco14@@ Thu, 08/02/2007 - 09:12

Hi Jon,


I saw that mistake in the config and I have changed it to the one you indicated.

So now I have


route testing 10.10.10.0 255.255.255.0 10.1.1.2


But still I can't get to the clients' network at 10.10.10.0 from the ASA when I try to ping.


Dear Jon, is there a scenario that can explain to me how I can configure the ASA to connect to the clients' network? Because the clients can see the network 10.1.1.0 and can even get to the internet, but I can't get to their network unless I telnet into the router R0 at 10.1.1.2 and then connect to the 10.10.10.0.


I would like to basically ping from network 10.1.1.0 to network 10.10.10.0, and I set the ASA in routed mode, but I don't know why it can't work.


Thanks

