ASA 5510 Routing Problems

Jun 15th, 2009

Problem & setup:

My current configuration is a Linksys RV082 dual-WAN router connected to a Cisco ASA 5510, which is connected to a Cisco 2821 router. Right now I cannot even get the firewall (ASA 5510) and the Linksys to communicate.


Static routes:

Linksys to Firewall:

Destination IP: 192.168.6.0

Subnet mask: 255.255.255.0

Default Gateway: 192.168.0.101

Hop count: 1

Interface: lan


Firewall to Linksys

Can't get this to work?

The firewall says:

"[ERROR] route Interior 0.0.0.0 0.0.0.0 192.168.0.1 1

Cannot add route entry, possible conflict with existing routes"

when I am trying to configure:

Interface Name: Inside

IP address: 0.0.0.0

Mask: 0.0.0.0

Gateway IP: 192.168.0.1

(at the bottom I get an option of "Tunneled(used only for default route)" or Metric 1)


IP Addresses:

Inside firewall: 192.168.6.0

Outside firewall: 192.168.0.101

Linksys: 192.168.0.1

Cisco Router Outside: 192.168.6.101

Cisco Router Inside: 192.168.4.0


____________Cisco ASA 5510 Configuration_____________________________

Firewall# show running-config

: Saved

:

ASA Version 7.0(8)

!

hostname Firewall

domain-name default.domain.invalid

enable password 6efABQ2cPmP7OKuA encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

dns-guard

!

interface Ethernet0/0

nameif Interior

security-level 20

ip address 192.168.6.1 255.255.255.0

!

interface Ethernet0/1

nameif Exterior

security-level 20

ip address dhcp setroute

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

same-security-traffic permit inter-interface

pager lines 24

logging asdm informational

mtu management 1500

mtu Exterior 1500

mtu Interior 1500

asdm image disk0:/asdm-508.bin

no asdm history enable

arp timeout 14400

global (Exterior) 100 interface

nat (Interior) 0 192.168.6.0 255.255.255.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

sysopt noproxyarp Exterior

sysopt noproxyarp Interior

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd address 192.168.6.2-192.168.6.10 Interior

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

dhcpd enable Interior

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

Cryptochecksum:ff820992c3c5d0aa4866e518fe0f9766

: end


____________________________________________


Thank You,

mebernstein


thotsaphon Mon, 06/15/2009 - 07:10

Mebernstein,

First of all, you have to make sure that the IP address of Exterior is 192.168.0.101.


!

interface Ethernet0/1

nameif Exterior

security-level 20

ip address 192.168.0.101 255.255.255.0

!


After that you should do things as follows:

!

route Exterior 0.0.0.0 0.0.0.0 192.168.0.1 1

!


Edit: What do you want to do with the NAT statements you configured? It's not clear to me. (grin)

HTH,

Toshi
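
The two changes in the reply above can be sanity-checked offline. This is an added example, not code from the thread or from Cisco: a small Python lint that reads the nameif / ip address / route lines and reports any static route whose gateway is not on the named interface's subnet. The function names and the BEFORE/AFTER samples are constructed here from the addresses in the thread; it checks addressing consistency only and does not reproduce the ASA's own route validation.

```python
import ipaddress

# Constructed from the thread: the poster's interfaces plus the route he tried,
# then the same config with the two changes from the reply applied.
BEFORE = """\
interface Ethernet0/0
 nameif Interior
 ip address 192.168.6.1 255.255.255.0
interface Ethernet0/1
 nameif Exterior
 ip address dhcp setroute
route Interior 0.0.0.0 0.0.0.0 192.168.0.1 1
"""
AFTER = BEFORE.replace("ip address dhcp setroute",
                       "ip address 192.168.0.101 255.255.255.0").replace(
                       "route Interior", "route Exterior")

def parse_interfaces(config):
    """Return {nameif: IPv4Network, or None when the address comes from DHCP}."""
    nets, name = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            name = None                      # new interface block, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) == 2:
            name = words[1]
        elif name and words[:2] == ["ip", "address"] and len(words) >= 3:
            if words[2] == "dhcp":
                nets[name] = None            # subnet only known once a lease arrives
            elif len(words) >= 4:
                nets[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
    return nets

def check_routes(config):
    """Return (route line, problem) for each static route that does not fit its interface."""
    nets, findings = parse_interfaces(config), []
    for line in config.splitlines():
        words = line.split()
        if len(words) < 5 or words[0] != "route":
            continue
        ifname, gateway = words[1], ipaddress.ip_address(words[4])
        if ifname not in nets:
            findings.append((line, f"{ifname}: no such nameif"))
        elif nets[ifname] is None:
            findings.append((line, f"{ifname} gets its address from DHCP; subnet unknown"))
        elif gateway not in nets[ifname]:
            findings.append((line, f"{gateway} is outside {ifname} network {nets[ifname]}"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, check_routes(cfg) or "routes consistent")
```
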



mebernstein Mon, 06/15/2009 - 08:22

It is not really what I was trying to do; it was more or less what I thought I was supposed to do. It was my interpretation that you had to NAT information that went from router to router. What would you do? Also, what would be some of the routes on some of the other equipment?


Thank You,

Mebernstein
