Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

asa 5510 behind cisco 2811 router

Hello all,

I have follow structure

lan - asa - router - internet.

And I would like to give internet access to machines inside my network.

with actual conf I from inside I can ping inside interface on cisco router, and stops there.

Follow my confs about what I´m doing

Router

===================================================

interface FastEthernet0/0
description Outside
no ip address
no ip redirects
no ip proxy-arp
duplex auto
speed auto
no snmp ifindex persist
service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/0.1
description Internet_Interface
encapsulation dot1Q 1 native
ip address 10.10.178.20 255.255.255.0
ip virtual-reassembly
!

interface FastEthernet0/1.501
description internet_inside_vlan
encapsulation dot1Q 501
ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/1.502
description dmz_inside_vlan
encapsulation dot1Q 502
ip address 10.1.2.1 255.255.255.252
!

ip route 0.0.0.0 0.0.0.0 10.10.178.20 (outside ip)

ip nat source static 10.1.1.2 10.10.178.20

ASA

==========================================

!
interface Ethernet0/0
no nameif
no security-level
no ip address
!
interface Ethernet0/0.501
description outside_internet
vlan 501
nameif outside_1
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface Ethernet0/0.502
description outside_dmz
vlan 502    
nameif outside_2
security-level 0
ip address 10.1.2.2 255.255.255.0
!
interface Ethernet0/1
no nameif
no security-level
no ip address
!
interface Ethernet0/1.10
description users_lan
vlan 10
nameif inside_1
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/1.20
description serv_farm
vlan 20
nameif inside_2
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/1.40
description telephony
vlan 40
nameif inside_3
security-level 100
ip address 192.168.40.1 255.255.255.0
!
interface Ethernet0/1.50
description guest_lan
vlan 50
nameif inside_4
security-level 100
ip address 192.168.50.1 255.255.255.0
!
interface Ethernet0/2
description dmz
shutdown
nameif dmz
security-level 50
ip address 192.168.30.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 0
ip address 192.168.60.20 255.255.255.0
management-only
!

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

access-list outside_1_in extended permit tcp any host 10.1.1.1 log
access-list permit_all extended permit tcp any any log
access-list permit_all extended permit icmp any any log
access-list permit_all extended permit udp any any log

global (outside_1) 1 interface

nat (inside_1) 1 192.168.10.0 255.255.255.0
nat (inside_1) 1 192.168.20.0 255.255.255.0
nat (inside_1) 1 192.168.30.0 255.255.255.0
nat (inside_1) 1 192.168.40.0 255.255.255.0
nat (inside_1) 1 192.168.50.0 255.255.255.0

static (inside_1,inside_2) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside_2,inside_1) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
static (dmz,outside_2) interface 192.168.30.5 netmask 255.255.255.255

access-group permit_all in interface outside_1
access-group permit_all out interface inside_1
access-group permit_all out interface inside_2
access-group permit_all in interface management

route outside_1 0.0.0.0 0.0.0.0 10.1.1.1 1

Everyone's tags (2)
1 REPLY
Cisco Employee

Re: asa 5510 behind cisco 2811 router

Hello,

You are missing couple of NAT configurations on the router.

interface FastEthernet0/0.1

description Internet_Interface

encapsulation dot1Q 1 native

ip address 10.10.178.20 255.255.255.0

ip nat outside -


Missing

ip virtual-reassembly

!

 

interface FastEthernet0/1.501

description internet_inside_vlan

encapsulation dot1Q 501

ip nat inside -


Missing

ip address 10.1.1.1 255.255.255.252

Hope this helps.

Regards,

NT

769
Views
0
Helpful
1
Replies