
Problem with ASA 5510 routing to the next Router Subnet

cisco14
Level 1

Hi,

I am having a problem accessing the clients network through the ASA.

Here is my scenario.

----R0--------------ASA----------Internet

R0=fa0/0=10.1.1.2 to the ASA

R0=fa0/1=10.10.10.1 to the network A

ASA=e0/0=10.1.1.1 to Router R0

Now clients from the network on 10.10.10.0 can connect to the ASA up to the internet.

The ASA is the default Gateway for the network 10.10.10.0

However, I am having problems connecting to the clients' network 10.10.10.0 from the ASA.

I have created routes in the ASA to point to the 10.10.10.0 network but it still won't work.

Please, I am requesting assistance. How can I route the 10.1.1.0 network to the 10.10.10.0 network from the ASA?

4 Replies

Jon Marshall
Hall of Fame

Hi

Are you sure the ASA is the default gateway for network 10.10.10.0? Because according to your description the default gateway for clients on the 10.10.10.x network should be the fa0/1 interface on your router, i.e. 10.10.10.1.

Can you post the routing table on the ASA and the router please.

Jon

Hi Jon

Sorry, the ASA is the next hop for the 10.10.10.1, not the default gateway; that was a typo.

I have an IP route on the router R0 for the network 10.10.10.0 pointing to the ASA, so the network 10.10.10.0 can get to the network 10.1.1.0, but network 10.1.1.0, which the ASA is also part of, can't get to the clients' network 10.10.10.0.

I hope I am clear now.

==========================================================

ASA

====

WIA-000-OFW1# sh config

!

ASA Version 7.2(2)

!

hostname WIA-000-OFW1

domain-name wiatz.com

enable password xxx

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 81.x.x.2 255.255.255.0

ospf cost 10

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

nameif testing

security-level 100

ip address 10.1.1.1. 255.255.255.0

ospf cost 10

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

!

passwd xxx

banner login

ftp mode passive

clock timezone EAT 3

dns server-group DefaultDNS

domain-name wiatz.com

access-list testing_acl extended permit ip any any

pager lines 24

logging enable

logging timestamp

logging console warnings

logging monitor warnings

logging buffered debugging

logging trap errors

logging asdm debugging

mtu outside 1500

mtu offwia 1500

mtu testing 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

asdm history enable

arp timeout 14400

global (outside) 1 81.x.x.100-81.100.80.254 netmask 255.255.255.0

nat (testing) 1 0.0.0.0 0.0.0.0

access-group testing_acl in interface testing

route outside 0.0.0.0 0.0.x.x.100.80.1 1

route testing 10.10.10.0 255.255.10.0 10.1.1.2 1

http server enable

no snmp-server location

no snmp-server contact

linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

WIA-000-OFW1#

===========================================

Router

====

UNIVERSITY#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 41.221.49.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.1.0/24 is directly connected, FastEthernet0/0

C 10.10.10.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [1/0] via 10.1.1.1

Hi

Can you change the following entry on your ASA

route testing 10.10.10.0 255.255.10.0 10.1.1.2 1

route testing 10.10.10.0 255.255.255.0 10.1.1.2

Jon
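The mask in the original route entry, 255.255.10.0, is not a contiguous netmask, which is what the corrected entry above fixes. The following check is an added example, not part of the original posts or any Cisco tool: it scans ASA-style `nameif`, `ip address` and `route` lines and flags static routes with a non-contiguous mask, host bits in the destination, or a next hop outside the named interface's subnet. The function names and the sample text are assumptions built from lines quoted in this thread.

```python
import ipaddress
import re

# Constructed sample built from lines quoted in the thread (interface address
# written without the stray trailing dot so that it parses).
SAMPLE = """\
interface Ethernet0/3
 nameif testing
 ip address 10.1.1.1 255.255.255.0
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
route testing 10.10.10.0 255.255.255.0 10.1.1.2
"""

def mask_is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def check_routes(config):
    """Return (line, problem) pairs for static routes that look wrong."""
    connected, nameif, findings = {}, None, []
    for line in (raw.strip() for raw in config.splitlines()):
        try:
            if line.startswith("interface "):
                nameif = None  # a new interface block starts
            elif line.startswith("nameif "):
                nameif = line.split()[1]
            elif nameif and (m := re.match(r"ip address (\S+) (\S+)", line)):
                connected[nameif] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}").network
            elif m := re.match(r"route (\S+) (\S+) (\S+) (\S+)", line):
                ifc, net, mask, gw = m.groups()
                if not mask_is_contiguous(mask):
                    findings.append((line, "non-contiguous netmask"))
                    continue
                dest = ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
                if str(dest.network_address) != net:
                    findings.append((line, "destination has host bits set"))
                if ifc not in connected:
                    findings.append((line, "unknown interface name"))
                elif ipaddress.IPv4Address(gw) not in connected[ifc]:
                    findings.append((line, "next hop not on interface subnet"))
        except ValueError:
            findings.append((line, "unparseable address or mask"))
    return findings

if __name__ == "__main__":
    for line, problem in check_routes(SAMPLE):
        print(f"{problem}: {line}")
```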

Hi Jon,

I saw that mistake in the config and I have changed it to the one you indicate.

So now I have

route testing 10.10.10.0 255.255.255.0 10.1.1.2

But I still can't get to the clients' network at 10.10.10.0 from the ASA when I try to ping.

Dear Jon, is there a scenario that can explain to me how I can configure the ASA to connect to the clients' network? Because the clients can see the network 10.1.1.0 and can even get to the internet, but I can't get to their network unless I telnet into the router R0 at 10.1.1.2 and then connect to 10.10.10.0.

I would like to basically ping from network 10.1.1.0 to network 10.10.10.0, and I set the ASA in routed mode, but I don't know why it can't work.

thanks
