Routing Between ASA and 2811

Unanswered Question
Mar 17th, 2009

Hi, I'm trying to successfully route traffic between two of my systems. I have 2 networks, both using the ASA5520 (I've attached a diagram). I want network_A to communicate with network_B. I've used a router in between (2811) and set an IP from network_A on F0/0 and from network_B on F0/1. I have a route on both ASAs configured like this: for network_A's traffic coming from network_B, route to the F0/0 interface, and vice versa. Now when I ping the other network it replies, but when I try to use telnet or the intranet on the other network it does not work. When I use the 2811 interfaces as the gateway for both host machines, they can fully see the other network. What am I missing? Your input is much appreciated, thanks.

solpandor Tue, 03/17/2009 - 09:17

hi

I can't seem to download your topology, but I think I understand what you're trying to achieve.

1) Is your router in between the 2 ASAs?

2) Is your ASA in routed or transparent mode?

3) Have you configured ACLs on the ASAs?

4) Please post the ASA config.

HTH

jlouis1920 Tue, 03/17/2009 - 12:27

1) Yes, the router is in between both ASAs. The router binds both networks together. It is connected to my 3750s.

2)My ASA is in routed mode

3)Yes,

4)I've attached the configurations of the 3 devices

veljko.tasic Tue, 03/17/2009 - 11:39

Hi,

I'm not quite clear on what you want to achieve with this design.

If you want to telnet from Host_A to Host_B and still have access to the internet via the ASA, the best way to do that is to leave the default gateways as they are and add an additional route to both hosts.

Example:

Host_A ip: 192.168.28.7

Host_A gw: 192.168.28.1

Host_B ip: 192.168.20.7

Host_B gw: 192.168.20.1

Then you add additional routes (you should modify these commands to suit your host OS):

on Host_A route add 192.168.20.0/22 192.168.28.5

on Host_B route add 192.168.28.0/22 192.168.20.5

There are other ways to achieve similar functionality.

You can set the router as the default gateway for the hosts, and on the router you can add routes for the networks and for the internet.

Also, you can set up the ASA with routing, but then you must use the same-security-traffic command to enable the ASA to allow that.

More on that:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

Let us know if this was helpful for you.
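
The route selection this reply relies on, as an added Python sketch that is not part of the original post. The addresses are the ones from the example above; the /22 inside subnet, the roles (.1 as the ASA inside interface, .5 as the 2811 interface) and the ASA default route via 203.0.113.1 are assumptions made for illustration.

```python
import ipaddress

# Addresses come from the example in the reply above. The /22 inside subnet,
# the roles (.1 = ASA inside interface, .5 = 2811 interface) and the ASA's
# default route via 203.0.113.1 are assumptions made for this sketch.
INSIDE_A = ipaddress.ip_network("192.168.28.0/22")
ASA_A, ROUTER_A, HOST_B = "192.168.28.1", "192.168.28.5", "192.168.20.7"

HOST_A_DEFAULT_ONLY = [("192.168.28.0/22", None), ("0.0.0.0/0", ASA_A)]
HOST_A_WITH_ROUTE = HOST_A_DEFAULT_ONLY + [("192.168.20.0/22", ROUTER_A)]
ASA_A_ROUTES = [("192.168.28.0/22", None), ("192.168.20.0/22", ROUTER_A),
                ("0.0.0.0/0", "203.0.113.1")]

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in table if addr in ipaddress.ip_network(r[0])),
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1] or dst

def path_from_host_a(host_table, dst):
    """Return (first hop, True if the ASA must send the packet back out the
    inside interface it arrived on, i.e. the hairpin described in the thread)."""
    hop = next_hop(host_table, dst)
    if hop != ASA_A:
        return hop, False          # the host bypasses the ASA for this prefix
    asa_hop = next_hop(ASA_A_ROUTES, dst)
    return hop, ipaddress.ip_address(asa_hop) in INSIDE_A

if __name__ == "__main__":
    for name, table in (("default gateway only", HOST_A_DEFAULT_ONLY),
                        ("with added host route", HOST_A_WITH_ROUTE)):
        hop, hairpin = path_from_host_a(table, HOST_B)
        print(f"{name}: first hop {hop}, ASA hairpin: {hairpin}")
```

With the added host route, only traffic for 192.168.20.0/22 goes to the 2811; everything else still follows the default gateway to the ASA.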

jlouis1920 Tue, 03/17/2009 - 12:44

What I want to do is to transfer files from one network to the other. The additional routes were added on the ASAs like you have stated, but not on the host OS. Once I applied the route to the hosts on both networks respectively, it works. My previous config had the ASA inside interface as the host default gateway, and by default the ASA will not route packets on the interface it receives them. I will give it a try to see how this turns out. If not, I will use my 3750s as the host default gateway instead of the ASA, or add the additional route on my hosts. Thanks for all your help, I will let you know how this turns out.

solpandor Wed, 03/18/2009 - 08:28

hi

Re what you put, "and by default the ASA will not route packets on the interface it receives them": that is where the same interface command comes in handy.

thanks
