Problem with ASA 5510 routing to th next Router Subnet


I am having a problem accessing the clients network through the ASA.

Here is my Senario.


R0=fa0/0= to the ASA

R0=fa0/1= to the network A

ASA=e0/0= to Router R0

Now clients from the network on can connect to the ASA upto the internet.

The ASA is the default Gateway for the network

However i am having problems connecting to the clients network from the ASA.

i have created routes in the asa to point to the network but it still wont work.

Please i am requesting for assistance.How can i route the network to the network from the ASA.

Re: Problem with ASA 5510 routing to th next Router Subnet


Are you sure the ASA is the default-gateway for network ? because accroding to your description the default-gateway for clients on the 10.10.10.x network should be the fa0/1 interface on your router ie.

Can you post the routing table on the ASA and the router please.


Re: Problem with ASA 5510 routing to th next Router Subnet

Hi Jon

Sorry the ASA is the next hop for the not the default gateway that was a typo.

i have an ip route on the router RO for the network pointing to the ASA,so the network can get to the netwotk but network which the ASA is also part of cant get to the clients network

I hope i am clear now.




WIA-000-OFW1# sh config


ASA Version 7.2(2)


hostname WIA-000-OFW1


enable password xxx



interface Ethernet0/0

nameif outside

security-level 0

ip address 81.x.x.2

ospf cost 10

interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3

nameif testing

security-level 100

ip address

ospf cost 10


interface Management0/0


no nameif

no security-level

no ip address



passwd xxx

banner login

ftp mode passive

clock timezone EAT 3

dns server-group DefaultDNS


access-list testing_acl extended permit ip any any

pager lines 24

logging enable

logging timestamp

logging console warnings

logging monitor warnings

logging buffered debugging

logging trap errors

logging asdm debugging

mtu outside 1500

mtu offwia 1500

mtu testing 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

asdm history enable

arp timeout 14400

global (outside) 1 81.x.x.100- netmask

nat (testing) 1

access-group testing_acl in interface testing

route outside 0.0.x.x.100.80.1 1

route testing 1

http server enable

no snmp-server location

no snmp-server contact

linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0



class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

prompt hostname context






UNIVERSITY#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is to network is variably subnetted, 2 subnets, 2 masks

C is directly connected, FastEthernet0/0

C is directly connected, FastEthernet0/1

S* [1/0] via

Re: Problem with ASA 5510 routing to th next Router Subnet


Can you change the following entry on your ASA

route testing 1

route testing


Re: Problem with ASA 5510 routing to th next Router Subnet

Hi Jon,

I saw that mistake in the confog and i have changed it to the one you indicate.

So know i have

route testing

But still i cant get to the clients network at from the asa when i try to ping.

Dear jon,is there a senario that can explain to me how i can configure the ASA to connect to the clients network,becuase for the clients they can see the network even they can get to the internet but me i cant get to there network unless i telnet into the router R0 at then after i connect to the

I would like to basically ping from network to network and i set the ASA in the routed mode but i dont know why it cant work.


