Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

3750 Routing Design

We have a 3750EI that has a L3 WAN port and a L3 LAN port.  Let's say the WAN port is 70.60.50.40 and is plugged into gi1/0/1.  The external interface of our ASA is 90.80.70.60 and is plugged into gi1/0/2. The internal interface of the ASA is 172.16.120.10 and is on vlan 90.  The issue I'm running into is I'm exhausting my default gateway right off the bat.  My clients will connect to the data vlan and I have the 3750's default gateway to the internal interface of the ASA.  I am unsure of what to do now as I don't know what to route to the external interface of the ASA.

Thank you in advance for any assistance

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: 3750 Routing Design

The default gateway for users will be the inside interface of the firewall (172.16.120.10).  The default route on the firewall will point to the LAN interface of the 3750.  The 3750 has a default route to the internet via it's WAN port - you don't have to route anything back inside since user traffic gets NAT'd to the external interface of the firewall and the 3750 already knows about this since it's directly connected.

4 REPLIES
VIP Super Bronze

Re: 3750 Routing Design

Hi,

Since you are using a private IP address range for your internal network, you need to turn on NAT on the ASA so it translates from private to public IP addresses.

Have a look at this command on how to configure NAT on the ASA Firewall.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008045a2d2.shtml

HTH

Reza

Re: 3750 Routing Design

We have a 3750EI that has a L3 WAN port and a L3 LAN port.  Let's say the WAN port is 70.60.50.40 and is plugged into gi1/0/1.  The external interface of our ASA is 90.80.70.60 and is plugged into gi1/0/2. The internal interface of the ASA is 172.16.120.10 and is on vlan 90.  The issue I'm running into is I'm exhausting my default gateway right off the bat.  My clients will connect to the data vlan and I have the 3750's default gateway to the internal interface of the ASA.  I am unsure of what to do now as I don't know what to route to the external interface of the ASA.

Thank you in advance for any assistance

Hi,

If you are ASA is talking with internet and is connected via same switch that 3750 and local desktops are also connected to same via inetrnal interface of ASA,then the flow should be like this

PC1 -- 3750 switch (Internal Lan)--(internal lan inetrface of) ASA --- 3750 Switch (external lan) --(external lan interface) ASA-- ISP

The gateway for pc will inetnal lan inetrface of ASA and from ASA proper Natting needs to be done and default route towards the ISP routers in order to complete the flow.

Hope to Help !!

Ganesh.H

Cisco will donate $1 to  the Red Cross Haiti fund for every useful rated post!
https://supportforums.cisco.com/docs/DOC-8727

Community Member

Re: 3750 Routing Design

The default gateway for users will be the inside interface of the firewall (172.16.120.10).  The default route on the firewall will point to the LAN interface of the 3750.  The 3750 has a default route to the internet via it's WAN port - you don't have to route anything back inside since user traffic gets NAT'd to the external interface of the firewall and the 3750 already knows about this since it's directly connected.

Community Member

Re: 3750 Routing Design

Thanks for the extra set of eyes. Had the ASA Internal interface in the wrong vlan. All is

working now.

293
Views
0
Helpful
4
Replies
CreatePlease to create content