ASA5510 with 1941 & HWIC-3G-CDMA-x

srwatters
Level 1

I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via Ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working standalone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. Below is part of the 1941 configuration:

interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
 ip address 192.168.100.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/0/0
 ip address negotiated
 ip access-group 1 in
 ip access-group 1 out
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer string cdma
 dialer-group 1
 async mode interactive
 ppp chap password 0 cisco
 ppp ipcp dns request
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static 192.168.100.1 interface Cellular0/0/0
ip nat inside source list 23 interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route 192.168.200.0 255.255.255.0 192.168.100.1
!
access-list 1 permit any
access-list 23 permit 192.168.100.0 0.0.0.255
access-list 23 permit 192.168.200.0 0.0.0.255
dialer-list 1 protocol ip list 1

Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?

Thanks,

3 Replies

handoko wiyanto
Level 3

Hi Scott,

Correct me if I'm wrong, so the diagram will look like this:

Server - ASA 5510 - 1941 Router - ISP - Cell Routers

And what you're trying to accomplish is creating a VPN tunnel from the ASA 5510, so that users behind the cell routers can connect to the server behind the ASA.

If my understanding is correct, then the simplest way of achieving this will be to configure bridging on the 1941 (on interfaces Gig0/0 and Cellular0/0/0),

then you can configure NAT and VPN on the ASA5510.

BTW, what's the IOS version on the 1941 and the ASA?

regards,

Yes. You're basically correct. Although the "user" is really an embedded device in the field. I tried to turn on bridging for the Cellular0/0/0 interface and the reply was:

Cellular0/0/0 does not support bridging

Software versions

1941 Router:

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)

ASA 5510:

Cisco Adaptive Security Appliance Software Version 8.2(5)

Device Manager Version 6.4(5)

Any additional help would be appreciated. Been banging my head on the desk for a few hours now...

It happens.

Anyway, perhaps you can try terminating the VPN on the ASA by forwarding some port on the 1941 to the ASA.

regards,
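
The port-forwarding suggestion in the last reply, written out as an added example that is not part of the original thread. It assumes 192.168.100.1 is the ASA's outside interface (as the static NAT and route in the posted configuration imply) and that the field routers build IKEv1 IPsec tunnels with NAT traversal.

```cisco
! ---- 1941 (IOS 15.1(4)M3) ----
! Replace the whole-address static NAT with per-port statics, so that only
! IKE (UDP 500) and NAT-T (UDP 4500) arriving on the cellular address are
! handed to the ASA. The overload rule (list 23) is left unchanged.
no ip nat inside source static 192.168.100.1 interface Cellular0/0/0
ip nat inside source static udp 192.168.100.1 500 interface Cellular0/0/0 500
ip nat inside source static udp 192.168.100.1 4500 interface Cellular0/0/0 4500
!
! Check that both static entries are installed:
!   show ip nat translations
!
! ---- ASA 5510 (8.2(5)) ----
! The ASA now sits behind NAT, so IPsec has to be carried inside UDP 4500.
! 20 is the NAT keepalive interval in seconds.
crypto isakmp nat-traversal 20
!
! Check phase 1 once a field router attempts a connection:
!   show crypto isakmp sa
```

ESP itself is IP protocol 50 and has no port numbers, so it cannot be port-forwarded; NAT-T is what lets the tunnel traffic pass through the two UDP forwards. Forwarding only these two ports also exposes less of the ASA to the Internet than a one-to-one static translation.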
