08-02-2007 12:56 AM - edited 03-11-2019 03:52 AM
Hi,
I am having a problem accessing the clients network through the ASA.
Here is my scenario.
----R0--------------ASA----------Internet
R0=fa0/0=10.1.1.2 to the ASA
R0=fa0/1=10.10.10.1 to the network A
ASA=e0/0=10.1.1.1 to Router R0
Now clients from the network on 10.10.10.0 can connect to the ASA up to the internet.
The ASA is the default gateway for the network 10.10.10.0.
However, I am having problems connecting to the clients network 10.10.10.0 from the ASA.
I have created routes in the ASA to point to the 10.10.10.0 network but it still won't work.
Please, I am requesting assistance. How can I route the 10.1.1.0 network to the 10.10.10.0 network from the ASA?
08-02-2007 01:50 AM
Hi
Are you sure the ASA is the default-gateway for network 10.10.10.0? Because according to your description the default-gateway for clients on the 10.10.10.x network should be the fa0/1 interface on your router, i.e. 10.10.10.1.
Can you post the routing table on the ASA and the router please.
Jon
08-02-2007 03:12 AM
Hi Jon
Sorry, the ASA is the next hop for the 10.10.10.1, not the default gateway; that was a typo.
I have an ip route on the router R0 for the network 10.10.10.0 pointing to the ASA, so the network 10.10.10.0 can get to the network 10.1.1.0, but network 10.1.1.0, which the ASA is also part of, can't get to the clients network 10.10.10.0.
I hope I am clear now.
==========================================================
ASA
====
WIA-000-OFW1# sh config
!
ASA Version 7.2(2)
!
hostname WIA-000-OFW1
domain-name wiatz.com
enable password xxx
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 81.x.x.2 255.255.255.0
ospf cost 10
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
nameif testing
security-level 100
ip address 10.1.1.1. 255.255.255.0
ospf cost 10
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd xxx
banner login
ftp mode passive
clock timezone EAT 3
dns server-group DefaultDNS
domain-name wiatz.com
access-list testing_acl extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap errors
logging asdm debugging
mtu outside 1500
mtu offwia 1500
mtu testing 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 81.x.x.100-81.100.80.254 netmask 255.255.255.0
nat (testing) 1 0.0.0.0 0.0.0.0
access-group testing_acl in interface testing
route outside 0.0.0.0 0.0.x.x.100.80.1 1
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
http server enable
no snmp-server location
no snmp-server contact
linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
WIA-000-OFW1#
===========================================
Router
====
UNIVERSITY#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 41.221.49.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
C 10.10.10.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.1.1.1
08-02-2007 04:32 AM
Hi
Can you change the following entry on your ASA
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
route testing 10.10.10.0 255.255.255.0 10.1.1.2
Jon
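An added example, not part of the original thread: a small check that parses `ip address` and `route` lines like the ones posted above and flags any whose address fields do not parse or whose netmask is not a contiguous run of 1-bits, which is the problem with `255.255.10.0`. The function names `contiguous` and `lint` are hypothetical, and the sample input is constructed from lines quoted in the thread.

```python
import ipaddress

# Constructed sample: interface and route lines as quoted in the thread.
SAMPLE = """\
interface Ethernet0/3
nameif testing
ip address 10.1.1.1. 255.255.255.0
route outside 0.0.0.0 0.0.x.x.100.80.1 1
route testing 10.10.10.0 255.255.10.0 10.1.1.2 1
route testing 10.10.10.0 255.255.255.0 10.1.1.2
"""


def contiguous(mask):
    """True if the dotted mask is 1-bits followed only by 0-bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A valid inverted mask is 2**k - 1, so it shares no bits with itself + 1.
    return (inverted & (inverted + 1)) == 0


def lint(config):
    """Return (line_number, line, problem) for each suspect line."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        f = raw.split()
        if f[:2] == ["ip", "address"] and len(f) >= 4:
            addr, mask, next_hop = f[2], f[3], None
        elif f[:1] == ["route"] and len(f) >= 5:
            addr, mask, next_hop = f[2], f[3], f[4]
        else:
            continue
        try:
            base = int(ipaddress.IPv4Address(addr))
            mask_ok = contiguous(mask)
            if next_hop is not None:
                ipaddress.IPv4Address(next_hop)
        except ValueError:
            findings.append((n, raw, "malformed or redacted address field"))
            continue
        if not mask_ok:
            findings.append((n, raw, "non-contiguous netmask " + mask))
        elif f[0] == "route" and base & ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF:
            findings.append((n, raw, "host bits set in route destination"))
    return findings


if __name__ == "__main__":
    for n, raw, problem in lint(SAMPLE):
        print(f"line {n}: {problem}: {raw}")
```
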
08-02-2007 09:12 AM
Hi Jon,
I saw that mistake in the config and I have changed it to the one you indicated.
So now I have
route testing 10.10.10.0 255.255.255.0 10.1.1.2
But still I can't get to the clients network at 10.10.10.0 from the ASA when I try to ping.
Dear Jon, is there a scenario that can explain to me how I can configure the ASA to connect to the clients network? Because the clients can see the network 10.1.1.0 and can even get to the internet, but I can't get to their network unless I telnet into the router R0 at 10.1.1.2 and then connect to the 10.10.10.0.
I would like to basically ping from network 10.1.1.0 to network 10.10.10.0, and I set the ASA in the routed mode, but I don't know why it can't work.
Thanks