New Member

Cisco 2821 Router behind Cisco ASA5505

Dear All,

I have a Cisco ASA5505 with Security Plus license, and there are 3 VLANs configured on the ASA5505.

VLAN1 inside

VLAN2 outside

VLAN3 guest wireless VLAN

Ethernet0/0 access VLAN 2 connected to ISP with static IP address

Ethernet0/1 is a trunk port connected to a Cisco 2960G. It works great: inside can access outside, and VPN clients from outside can remotely access inside. All my devices are connected to the 2960G, and for sure my inside LAN traffic will be tied down to 100Mb because the ASA5505 interface is 100Mb. I am thinking of getting a Cisco 2821 router and placing it between the ASA5505 and the 2960G, and having the 2821 route the traffic at a 1Gb connection for the inside LAN. I know static routes and NAT need to be configured on the 2821, as well as a configuration change on the ASA5505. I do not want to upgrade the ASA5505 to an ASA5510 because it is too much power for a home user. Is it possible? If yes, could you please shed some light on how to make it work? I greatly appreciate your help.

Best regards,

Vincent Le

Hall of Fame Super Blue

Re: Cisco 2821 Router behind Cisco ASA5505

Vincent

Firstly there would be no need to do NAT on the router as the ASA is doing that but you would need routes on the 2821 and the ASA.

But what do you need a router for? You say you want to route the traffic at 1Gbps, but route between what?

Is it so you can route between the inside network and the wireless network? I wouldn't have thought so, as you generally don't want the guest network to be able to communicate with the internal network.

So what exactly do you want to route between?

Edit - worth noting that with the right IOS version and feature set your switch may be capable of doing limited routing so you would not need a router but again it depends on what you are trying to route between.

Jon

New Member

Cisco 2821 Router behind Cisco ASA5505

Hello Jon,

I greatly appreciate your reply.

At present my home network connection is only 100Mb when I am sending and receiving data from pc1 to pc2, because the interface of the ASA5505 is 100Mb, and the 2960G layer 2 switch is 1Gb.

I am thinking of placing a router between the ASA5505 and my layer 2 switch. If pc1 sends a file to pc2, or pc2 to pc1, I would have a 1Gb connection (pc1 and pc2 are in the same VLAN 1) instead of 100Mb, because the traffic will pass through the trunk port up to the ASA5505. Am I correct? If this is the case, that's why I want to have a router to handle the inside network; if the inside network needs to access outside, it goes to the ASA5505.

I can route between the inside network and the wireless network with the access-list on the ASA5505, for testing only; for now the guest wireless network is not allowed to communicate with the inside network.

Here is my home network connection

DSL modem connected to ASA5505 eth0/0

ASA5505 eth0/1 trunk port connected to 1st 2960G gi0/8

1st 2960G gi0/7 trunk port connected to 2nd 2960G gi0/8


Hyper-V servers, VMware ESXi servers, Cisco 1142N-A-K9 access point and printer are all connected to both 2960G VLAN1

Cisco Adaptive Security Appliance Software Version 8.4(6)

Device Manager Version 7.1(3)
========================================================================================

Cisco 2960G are the layer 2 switches

Switch Ports Model              SW Version            SW Image                
------ ----- -----              ----------            ----------              
*    1 8     WS-C2960G-8TC-L    12.2(55)SE            C2960-LANBASEK9-M
========================================================================================

Cisco 2821 Router IOS version  15.1(3)T

Sorry Jon, if my explanation is not clear

Best regards

Vincent

Hall of Fame Super Blue

Re: Cisco 2821 Router behind Cisco ASA5505

Vincent

If PC1 and PC2 are in the same vlan then there is no need to go via the ASA and it won't do so; the ASA is not limiting the traffic here.

They would only need to go to the ASA if they are in different vlans because then the traffic would need to be routed.

So devices in the same vlan connected to your switches only have to go to the ASA for internet access. This is basically the difference between L2 and L3, i.e. each device in the internal vlan will have an IP address from the same subnet and a default gateway. Presumably the default gateway is the ASA inside interface IP address. They only send traffic to this default gateway if the destination IP address is in a different subnet.

If the destination IP is in the same subnet then there is no need to send it to the default gateway, they simply send it direct via the switch.

So a router will make no difference for traffic between devices in the same vlan because this traffic is not L3 routed.

Does this make sense ?

Jon
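The forwarding decision described in the reply above, modelled for this thread's topology as an added example (not code from either poster). The subnets and host addresses are constructed assumptions, since the thread gives none; the link speeds are the ones quoted in the thread.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets, so these are assumptions.
VLANS = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),  # VLAN1
    "guest": ipaddress.ip_network("192.168.3.0/24"),   # VLAN3
}
SWITCH_MBPS = 1000  # 2960G ports, 1Gb per the thread
ASA_MBPS = 100      # ASA5505 interfaces, 100Mb per the thread


def vlan_of(ip):
    """Name of the local VLAN containing ip, or None if it is not local."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), None)


def forward(src, dst):
    """Model one flow: devices crossed, bottleneck speed, firewall involvement."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None:
        raise ValueError("source must be on a local VLAN")
    if dst_vlan == src_vlan:
        # Same subnet: the host ARPs for the peer and the switch forwards
        # the frame at L2. The default gateway never sees it.
        return {"path": ["2960G"], "mbps": SWITCH_MBPS, "via_asa": False}
    # Different subnet: the host sends the packet to its default gateway,
    # the ASA, which routes it to another VLAN or out to the ISP.
    exit_if = "outside" if dst_vlan is None else dst_vlan
    return {"path": ["2960G", "ASA5505", exit_if],
            "mbps": min(SWITCH_MBPS, ASA_MBPS), "via_asa": True}


if __name__ == "__main__":
    # Constructed sample flows from one inside host.
    for dst in ("192.168.1.20", "192.168.3.50", "203.0.113.5"):
        print(dst, forward("192.168.1.10", dst))
```

The `via_asa` flag also marks which flows the firewall can filter: traffic between hosts in the same VLAN never reaches the ASA, so its access-lists and inspection do not apply to it.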

New Member

Re: Cisco 2821 Router behind Cisco ASA5505

Whew Whew! Thank you so much for your explanation and kindness. You've saved me the cost of eBay

You have a great day Jon

Vincent

Hall of Fame Super Blue

Cisco 2821 Router behind Cisco ASA5505

Vincent

No problem. Glad to have helped.

Jon
