03-29-2010 01:13 PM - edited 03-06-2019 10:22 AM
We have a 3750EI that has a L3 WAN port and a L3 LAN port. Let's say the WAN port is 70.60.50.40 and is plugged into gi1/0/1. The external interface of our ASA is 90.80.70.60 and is plugged into gi1/0/2. The internal interface of the ASA is 172.16.120.10 and is on vlan 90. The issue I'm running into is I'm exhausting my default gateway right off the bat. My clients will connect to the data vlan and I have the 3750's default gateway to the internal interface of the ASA. I am unsure of what to do now as I don't know what to route to the external interface of the ASA.
Thank you in advance for any assistance
03-29-2010 01:56 PM
Hi,
Since you are using a private IP address range for your internal network, you need to turn on NAT on the ASA so it translates from private to public IP addresses.
Have a look at this command on how to configure NAT on the ASA Firewall.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008045a2d2.shtml
HTH
Reza
03-30-2010 01:57 AM
Hi,
If your ASA is talking with the internet and is connected via the same switch (the 3750), and the local desktops are also connected to the same switch via the internal interface of the ASA, then the flow should be like this:
PC1 -- 3750 switch (internal LAN) -- (internal LAN interface of) ASA --- 3750 switch (external LAN) -- (external LAN interface) ASA -- ISP
The gateway for the PC will be the internal LAN interface of the ASA, and on the ASA proper NATting needs to be done, along with a default route towards the ISP routers, in order to complete the flow.
Hope to Help !!
Ganesh.H
03-30-2010 06:58 AM
The default gateway for users will be the inside interface of the firewall (172.16.120.10). The default route on the firewall will point to the LAN interface of the 3750. The 3750 has a default route to the internet via its WAN port - you don't have to route anything back inside since user traffic gets NAT'd to the external interface of the firewall and the 3750 already knows about this since it's directly connected.
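The routing layout described in the reply above, written out as a configuration sketch. This is an added example, not configuration posted by anyone in the thread. Every `<...>` value is a placeholder for something the thread does not state, and the ASA interface names `inside`/`outside`, the pre-8.3 NAT syntax and the access port facing the ASA inside interface are assumptions.

```cisco
! ===== 3750 (addresses and ports as given in the question) =====
ip routing
!
interface GigabitEthernet1/0/1
 description WAN port to ISP
 no switchport
 ip address 70.60.50.40 <WAN_MASK>
!
interface GigabitEthernet1/0/2
 description L3 LAN port, ASA outside (90.80.70.60) plugs in here
 no switchport
 ip address <3750_LAN_IP> <LAN_MASK>
!
! Assumed port: where the ASA inside interface (172.16.120.10) connects.
! It must be in VLAN 90, the mismatch that broke the original setup.
interface <PORT_TO_ASA_INSIDE>
 description ASA inside
 switchport mode access
 switchport access vlan 90
!
! The 3750's only default route goes to the ISP, never to the ASA inside.
ip route 0.0.0.0 0.0.0.0 <ISP_NEXT_HOP>
!
! ===== ASA (pre-8.3 syntax assumed; 8.3 and later use object NAT) =====
! Default route points at the 3750's L3 LAN port.
route outside 0.0.0.0 0.0.0.0 <3750_LAN_IP>
! PAT all inside clients to the outside interface address (90.80.70.60).
! The 3750 reaches that address as a directly connected network,
! so no route back to 172.16.120.x is needed on the switch.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! ===== Checks (exec mode) =====
! On the 3750: confirm the ASA-inside port is listed under VLAN 90
! and that the default route is via the ISP next hop.
!   show vlan brief
!   show ip route
! On the ASA: confirm the default route and that translations build.
!   show route
!   show xlate
```

Clients keep 172.16.120.10 as their default gateway, so all user traffic crosses the firewall before it reaches the 3750's routed ports.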
03-30-2010 10:44 AM
Thanks for the extra set of eyes. Had the ASA Internal interface in the wrong vlan. All is working now.