Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
4
Replies

ASA connection to router/switch module not working

srosenthal
Level 4
Level 4

‎07-15-2010 07:54 AM - edited ‎03-04-2019 09:04 AM

I have an ASA 5520 connected via port G0/3 to a 3825 router that hase a fast ethernet switch module installed in it.  I built a vlan interface and assigned port 2/0 to that vlan.

I cannot pass any data thru the firewall from the router nor can I ping the router from the firewall.  I have hard coded the port on the ASA to 100 full and also on the router.

When I connect a PC directly to the ASA I can get out with no problem.  Here is a snapshot of both configurations.

From the router

interface FastEthernet2/0
description ACSB wireless guest VLAN
switchport access vlan 168
duplex full
speed 100

interface Vlan168
ip address 192.168.168.2 255.255.255.0

From the ASA

interface GigabitEthernet0/3
speed 100
duplex full
nameif intf5
security-level 20
ip address 192.168.168.1 255.255.255.0

Any suggestions?  Also, the router is not showing up in the arp table on the ASA but the ASA shows up in the arp table of the router.  Both interfaces are showing up up with no errors.

Seth

Labels:
0 Helpful
4 Replies 4

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-15-2010 08:20 AM

Hello,

This looks more like a physical layer issue. Have you tried the interfaces

in auto-negotiation mode? It could be that there is an incompatibility

between the hardware and the firewall is seeing errors when it gets data

from the router. Check the "show interface" output on both devices to see

if you are seeing any CRC errors.

Hope this helps.

Regards,

NT

0 Helpful

srosenthal
Level 4
Level 4
In response to Nagaraja Thanthry

‎07-15-2010 10:01 AM

The problem seems to be with the router.  I connected my PC direct to the router on the port the ASA was connected to and I gave myself an IP address in the range of the VLAN.  I cannot ping from the my PC to the VLAN ip address or the other way.

Also when I do a show VLAN command on the router I do not see vlan 168 showing up in the table.  It is in the VLAN database.

Seth

0 Helpful

srosenthal
Level 4
Level 4
In response to srosenthal

‎07-15-2010 10:14 AM

I believe I figured it out.  Looks like we need the GE-DCARD-ESW card to be able to router between vlan's.  Since I did not need but one port on this vlan I simply made that port a routed port and did away with the vlan.

Problem solved.

Seth

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to srosenthal

‎07-15-2010 10:21 AM

Hello,

Can you send the output of "show diag", "show vlan" and also "show run"?

Regards,

NT

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card