06-21-2012 07:57 AM - edited 03-04-2019 04:44 PM
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via Ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working standalone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. Below is part of the 1941 configuration:
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
ip address 192.168.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip access-group 1 in
ip access-group 1 out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer string cdma
dialer-group 1
async mode interactive
ppp chap password 0 cisco
ppp ipcp dns request
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static 192.168.100.1 interface Cellular0/0/0
ip nat inside source list 23 interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route 192.168.200.0 255.255.255.0 192.168.100.1
!
access-list 1 permit any
access-list 23 permit 192.168.100.0 0.0.0.255
access-list 23 permit 192.168.200.0 0.0.0.255
dialer-list 1 protocol ip list 1
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
Thanks,
06-21-2012 11:14 AM
Hi Scott,
Correct me if I'm wrong, so the diagram will look like this:
Server - ASA 5510 - 1941 Router - ISP - Cell Routers
And what you're trying to accomplish is creating a VPN tunnel from the ASA 5510, so that users behind the cell routers can connect to the server behind the ASA.
If my understanding is correct, then the simplest way of achieving this will be to configure bridging on the 1941 (on interface Gig0/0 and Cellular0/0/0),
then you can configure NAT and VPN on the ASA5510.
BTW, what's the IOS version on the 1941 and ASA?
Regards,
06-21-2012 11:23 AM
Yes. You're basically correct, although the "user" is really an embedded device in the field. I tried to turn on bridging for the Cellular0/0/0 interface and the reply was:
Cellular0/0/0 does not support bridging
Software versions
1941 Router:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
ASA 5510:
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)
Any additional help would be appreciated. Been banging my head on the desk for a few hours now...
06-21-2012 12:03 PM
It happens.
Anyway, perhaps you can try terminating the VPN on the ASA, by forwarding some port on the 1941 to the ASA.
Regards,
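The port-forwarding approach suggested in the last reply, as an added example that is not part of the original thread. It assumes the ASA outside interface is 192.168.100.1 (the address in the posted NAT and route lines); the ACL name FIELD-VPN-IN and the peer address 203.0.113.10 are placeholders.

```cisco
! ---- 1941 (IOS 15.1) ----
! Replace the whole-address static entry with per-port forwards for IKE
! (UDP 500) and IPsec NAT-T (UDP 4500). Raw ESP (IP protocol 50) has no
! ports and cannot be forwarded this way, so the tunnel has to run over
! NAT-T.
no ip nat inside source static 192.168.100.1 interface Cellular0/0/0
ip nat inside source static udp 192.168.100.1 500 interface Cellular0/0/0 500
ip nat inside source static udp 192.168.100.1 4500 interface Cellular0/0/0 4500
!
! Optional hardening: accept IKE/NAT-T only from the known field routers
! instead of "access-list 1 permit any". Inbound ACLs are checked before
! outside-to-inside NAT, and the cellular address is negotiated, so the
! destination is "any". This ACL is stateless: it also drops replies to
! other Internet sessions, so use it only if the link carries VPN alone.
ip access-list extended FIELD-VPN-IN
 remark 203.0.113.10 is a placeholder for one field router static IP
 permit udp host 203.0.113.10 any eq isakmp
 permit udp host 203.0.113.10 any eq non500-isakmp
 deny   ip any any log
!
interface Cellular0/0/0
 ip access-group FIELD-VPN-IN in
!
! ---- ASA 5510 (8.2) ----
! Make sure NAT traversal is on so the ASA and the field routers detect
! the NAT on the 1941 and move ESP into UDP 4500 (20 s keepalive).
crypto isakmp nat-traversal 20
```

After a field router attempts a connection, `show ip nat translations` on the 1941 should list the UDP 500 and 4500 entries, and `show crypto isakmp sa` on the ASA should show the peer.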