Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
4
Replies

3750 Routing Design

Go to solution
jgorman1977
Level 1
Level 1

‎03-29-2010 01:13 PM - edited ‎03-06-2019 10:22 AM

We have a 3750EI that has a L3 WAN port and a L3 LAN port.  Let's say the WAN port is 70.60.50.40 and is plugged into gi1/0/1.  The external interface of our ASA is 90.80.70.60 and is plugged into gi1/0/2. The internal interface of the ASA is 172.16.120.10 and is on vlan 90.  The issue I'm running into is I'm exhausting my default gateway right off the bat.  My clients will connect to the data vlan and I have the 3750's default gateway to the internal interface of the ASA.  I am unsure of what to do now as I don't know what to route to the external interface of the ASA.

Thank you in advance for any assistance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
droeun141
Level 1
Level 1

‎03-30-2010 06:58 AM

The default gateway for users will be the inside interface of the firewall (172.16.120.10).  The default route on the firewall will point to the LAN interface of the 3750.  The 3750 has a default route to the internet via it's WAN port - you don't have to route anything back inside since user traffic gets NAT'd to the external interface of the firewall and the 3750 already knows about this since it's directly connected.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎03-29-2010 01:56 PM

Hi,

Since you are using a private IP address range for your internal network, you need to turn on NAT on the ASA so it translates from private to public IP addresses.

Have a look at this command on how to configure NAT on the ASA Firewall.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008045a2d2.shtml

HTH

Reza

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎03-30-2010 01:57 AM 

We have a 3750EI that has a L3
WAN port and a L3 LAN port.  Let's say the WAN port is 70.60.50.40 and
is plugged into gi1/0/1.  The external interface of our ASA is
90.80.70.60 and is plugged into gi1/0/2. The internal interface of the
ASA is 172.16.120.10 and is on vlan 90.  The issue I'm running into is
I'm exhausting my default gateway right off the bat.  My clients will
connect to the data vlan and I have the 3750's default gateway to the
internal interface of the ASA.  I am unsure of what to do now as I
don't know what to route to the external interface of the ASA. 
Thank you in advance for any assistance

Hi,

If you are ASA is talking with internet and is connected via same switch that 3750 and local desktops are also connected to same via inetrnal interface of ASA,then the flow should be like this

PC1 -- 3750 switch (Internal Lan)--(internal lan inetrface of) ASA --- 3750 Switch (external lan) --(external lan interface) ASA-- ISP

The gateway for pc will inetnal lan inetrface of ASA and from ASA proper Natting needs to be done and default route towards the ISP routers in order to complete the flow.

Hope to Help !!

Ganesh.H

Cisco will donate $1 to  the Red Cross Haiti fund for every useful rated post!
https://supportforums.cisco.com/docs/DOC-8727

0 Helpful

Go to solution
droeun141
Level 1
Level 1

‎03-30-2010 06:58 AM

The default gateway for users will be the inside interface of the firewall (172.16.120.10).  The default route on the firewall will point to the LAN interface of the 3750.  The 3750 has a default route to the internet via it's WAN port - you don't have to route anything back inside since user traffic gets NAT'd to the external interface of the firewall and the 3750 already knows about this since it's directly connected.

0 Helpful

Go to solution
jgorman1977
Level 1
Level 1
In response to droeun141

‎03-30-2010 10:44 AM

Thanks for the extra set of eyes. Had the ASA Internal interface in the wrong vlan. All is

working now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card