Cisco 3660 with ASA 5505

Unanswered Question
Sep 19th, 2010
User Badges:

Please help me out here....


I am stuck, I am trying to configure my home lab and I can't seem to find out how to do the following:


Internet -->ASA5505-->3660Router-->2900XL Switch --->ASA5505--->Wireless AP


Attached is an image  with a better idea of what I am wanting to do.


I have read that any router with the ASA is usless, but I would like to have the ASA just be a firewall/VPN and not much else.  Any help with this would be apprciated.


***All Cisco Equipment has basic configs loaded on them, if needed I can provide a show ver.


Home_Network.jpg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Sun, 09/19/2010 - 14:54
User Badges:
  • Cisco Employee,

Hello,


From the diagram, it seems like you would like to assign 192.168.1.x address all across the board. You cannot do it with a router in between. Different router interfaces should have different IP addresses. So, in your case, it could be 192.168.1.x on the LAN side of 3660 and 192.168.2.x on the firewall side.


On the ASA:


interface vlan 1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

exit


interface Ethernet 1

switchport access vlan 1

exit


global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0


route inside 192.168.1.0 255.255.255.0 192.168.2.2


On the 3660:


interface FastEthernet 0/0

description connection to ASA5505

ip address 192.168.2.2 255.255.255.0

no shut

exit


interface FastEthernet 0/1

description connection to 2900XL

ip address 192.168.1.1 255.255.255.0

no shut

exit


ip route 0.0.0.0 0.0.0.0 192.168.2.1


In this case, you do not need to make any changes on the ASA for the outside interface or the NAT settings. You are just introducing another subnet on the inside to make sure that you do not need to change IP address settings on the LAN.


Hope this helps.


Regards,


NT

Actions

This Discussion