
Fixed ip(pc)--->(e1)2600(e0)-dhcp-->asa5505

stewartrose
Level 1
Good Morning Team,

Sorry this may bore lots of you, but it is a headache for me trying to learn.

As you see above Fixed ip(pc)--->(e1)2600(e0)-dhcp-->asa5505

From within the router via con port, I can ping both directions
eg: ping 192.168.2.2 = PC
ping 192.168.1.1 = asa5505 gateway

But pinging from the PC direct to the firewall doesn't work, or to the outside world

Below is my listing if anyone can help it would be great

Thanks from Alan

!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2600-i-mz.123-19a.bin
boot-end-marker
!
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.40
!
ip dhcp pool locallan
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 212.23.3.100 212.23.6.100
!
!
!
!
!
interface Ethernet0/0
ip address dhcp
ip nat outside
full-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
full-duplex
!
ip nat inside source list 101 interface Ethernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any log
!
line con 0
line aux 0
line vty 0 4
login
!
!
end


stewartrose wrote:

Good Morning Jon,

Thank you for getting back to me, and I understand a lot more now, but do I need to change FastEthernet0/1 port to dhcp for the second option.

All the best from Alan

Alan

No you don't, you just need to exclude fa0/1 IP address from the DHCP scope. Adding a DHCP scope to a router does not mean you have to run DHCP on the interface, they are 2 separate things.

Jon

Hi Jon,

I did what you suggested, but it still doesn't work from the browser, it does if I use an "ip" but not a domain name...

Here is the config, I hope I have done it right

Thanks from Alan

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool firewall
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 212.23.3.100 212.23.6.100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 120 0
line aux 0
line vty 0 4
login
!
end

Alan

PC1 is working correct ?

If so and they are windows PCs can you post an ipconfig /all from both PC1 and PC2

Jon

Hi Jon on PC1

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Alan Walker>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : highforc-55aqzc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : power-plant.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : power-plant.com
        Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E G
igabit Ethernet NIC
        Physical Address. . . . . . . . . : 00-1F-D0-27-A6-A7
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 212.23.3.100
                                            212.23.6.100
        Lease Obtained. . . . . . . . . . : 02 April 2010 11:53:37
        Lease Expires . . . . . . . . . . : 02 April 2010 12:53:37

C:\Documents and Settings\Alan Walker>

PC2 is a linux machine Fedora 12, will ifconfig give you what you need

[root@localhost dev]# ifconfig
eth1 Link encap:Ethernet HWaddr 00:30:48:94:C3:62
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe94:c362/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25326 errors:0 dropped:0 overruns:0 frame:0
TX packets:13374 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:35213800 (33.5 MiB) TX bytes:905608 (884.3 KiB)
Memory:d3300000-d3320000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1484 (1.4 KiB) TX bytes:1484 (1.4 KiB)

wlan0 Link encap:Ethernet HWaddr 00:11:95:91:E7:3D
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

All the best from Alan

Alan

For the linux PC can you post the contents of the file /etc/resolv.conf.

Jon

Hi Jon,

That is easy there is nothing in it.

All the best from Alan

Alan

Are you using DHCP for PC2 or are you still using static IP ?

Add this to your resolv.conf -

nameserver 212.23.3.100

nameserver 212.23.6.100

and then retest.

Jon

Hi Jon,

My config is still as is above, but it is a static ip

Fedora Eth0 setup is Port address 192.168.2.2 - Mask 255.255.255.0 - Gateway 192.168.2.0

Added the 2 lines in resolv.conf there is no named running, so I rebooted the system just in case

ran firefox with ip and it doesn't work, take out all the dhcp stuff the ip works via browser

if i switch the PC2 port back to DHCP and plug it in directly into ASA then domain urls works fine

All the best from Alan

stewartrose wrote:

Hi Jon,

My config is still as is above, but it is a static ip

Fedora Eth0 setup is Port address 192.168.2.2 - Mask 255.255.255.0 - Gateway 192.168.2.0

Added the 2 lines in resolv.conf there is no named running, so I rebooted the system just in case

ran firefox with ip works fine, run firefox with website url and nothing.

if i switch the PC2 port back to DHCP and plug it in directly into ASA then domain urls works fine

All the best from Alan

Alan

This is definitely something to do with your linux PC and statically adding the IP. By the way you don't need named running for client resolution.

I haven't used Fedora but i do use Ubuntu and that should have done it. What i suggest is to add the DHCP pool for 192.168.2.0/24 on the router as covered in previous post and then tell your linux PC to get an IP using DHCP. If it works from the ASA there is no reason it shouldn't work from the router.

Jon

Hi Jon,

Right I did something which may help

On PC1 I changed the eth0 (windows) from DHCP to static 192.168.2.2/255.255.255.0/192.168.2.1 so it is the same as the linux box, and took the ethernet0/1 plug out of PC2 and plugged it in PC1 port, rebooted everything so it all comes up clean and re-checked,

I ran wireshark, and it said "Arp Who has 192.168.2.0 Tell 192.168.2.2" just kept doing it..

Apart from that the windows PC acted the same as the linux box...

I hope it helps, I am now going to change over from static ip to dhcp as you suggested on PC2

And Jon, if this is all getting too much then pull the plug I do understand..

All the best from Alan

Alan

How is PC2 connected to your network. Is it literally connected to the e1 interface of your router ?

On PC1, if it still connected to the 192.168.2.x network can you post output of  -

ipconfig /all

and

sh arp

and

netstat -nr

Jon

Hi Jon,

No it is not still connected but I can do it no problem at all, but one of the commands windows has not got that is "sh arp"

ok to answer the other question from the ASA box to a Netgear Fastethernet switch to PC1 port 1,  (port 2 to fe0/0)ROUTER 2621(fe0/1 - PC2(linux)

ASA || Port 1 --> PC1

        || Port 2 -->Router (fe0/0) - (fe0/0) --> PC2

|| = switch port 1 and 2

Back in a while

All the best from Alan

Alan

Sorry, that should have been "arp -a"

Jon

Hi Jon,

Ok this is with DHCP set on FastEthernet0/1 and plugged into PC1, and PC1 complained about limited connectivity

All the best from Alan

netstat -nr

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f d0 27 a6 a7 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ether
net NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  169.254.243.194  169.254.243.194      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0  169.254.243.194  169.254.243.194      30
  169.254.243.194  255.255.255.255        127.0.0.1       127.0.0.1       20
  169.254.255.255  255.255.255.255  169.254.243.194  169.254.243.194      20
        224.0.0.0        240.0.0.0  169.254.243.194  169.254.243.194      20
  255.255.255.255  255.255.255.255  169.254.243.194  169.254.243.194      1
Default Gateway:   169.254.243.194
===========================================================================
Persistent Routes:

C:\Documents and Settings\Alan Walker>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : highforc-55aqzc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E G
igabit Ethernet NIC
        Physical Address. . . . . . . . . : 00-1F-D0-27-A6-A7
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.243.194
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 169.254.243.194

Alan

Your PC did not get an IP from the router. Can you repost the router config please ?

Jon
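Added example, not part of the thread: a small consistency check for a host's IPv4 address, mask and gateway, run over three sets of values posted above (the Fedora static setup, the Windows static setup, and the Windows autoconfigured address). The function name and finding codes are assumptions of this example.

```python
import ipaddress

def check_host_config(address, netmask, gateway):
    """Return finding codes for one host's IPv4 settings (empty list = consistent)."""
    findings = []
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)

    # 169.254.0.0/16 is what a DHCP client assigns itself when no server answers.
    if iface.ip.is_link_local:
        findings.append("apipa-address")

    if gw not in net:
        findings.append("gateway-outside-subnet")
    elif gw == net.network_address:
        # A host ARPs for its gateway; nothing owns the network address,
        # so the ARP request is never answered.
        findings.append("gateway-is-network-address")
    elif gw == net.broadcast_address:
        findings.append("gateway-is-broadcast-address")
    elif gw == iface.ip:
        # The host points at itself: there is no router in its routing table.
        findings.append("gateway-is-self")
    return findings

# Values copied from the posts in this thread.
SAMPLES = {
    "Fedora static (as posted)": ("192.168.2.2", "255.255.255.0", "192.168.2.0"),
    "Windows static": ("192.168.2.2", "255.255.255.0", "192.168.2.1"),
    "Windows autoconfigured": ("169.254.243.194", "255.255.0.0", "169.254.243.194"),
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {check_host_config(*cfg) or 'consistent'}")
```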
