cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3069
Views
0
Helpful
57
Replies

Fixed ip(pc)--->(e1)2600(e0)-dhcp-->asa5505

stewartrose
Level 1
Level 1
Good Morning Team,

Sorry this may bore lots of you, but it is a headache for me trying to learn.

As you see above Fixed ip(pc)--->(e1)2600(e0)-dhcp-->asa5505

From within the router via con port, I can ping both directions
eg: ping 192.168.2.2 = PC
ping 192.168.1.1 = asa5505 gateway

But pinging from the PC direct to the firewall dont work, or to the outside world

Below is my listing if anyone can help it would be great

Thanks from Alan

!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2600-i-mz.123-19a.bin
boot-end-marker
!
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.40
!
ip dhcp pool locallan
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 212.23.3.100 212.23.6.100
!
!
!
!
!
interface Ethernet0/0
ip address dhcp
ip nat outside
full-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
full-duplex
!
ip nat inside source list 101 interface Ethernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any log
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

57 Replies 57

Hi Jon, here you are...

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

!

memory-size iomem 10

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.2.1

!

ip dhcp pool firewall

import all

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 212.23.3.100 212.23.6.100

!

call rsvp-sync

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

ip address dhcp

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

!

ip nat inside source list 101 interface FastEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

!

access-list 101 permit ip 192.168.2.0 0.0.0.255 any

no cdp run

!

dial-peer cor custom

!

!

!

!

line con 0

exec-timeout 120 0

line aux 0

line vty 0 4

login

!

end

Alan

On interface fa0/1

remove the "ip address dhcp"

and add

ip address 192.168.2.1 255.255.255.0

Jon

Hi Jon,

Ok thats is done, and that is what I had about an hour ago..:)

What next boss

All the best from Alan

Alan

Not sure why you changed it ?

Try from PC1 connected to fa0/1 again.

Jon

Here you go Jon..

C:\Documents and Settings\Alan Walker>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : highforc-55aqzc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E G
igabit Ethernet NIC
        Physical Address. . . . . . . . . : 00-1F-D0-27-A6-A7
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.2.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.0
        DNS Servers . . . . . . . . . . . : 212.23.3.100


C:\Documents and Settings\Alan Walker>netstat -rn

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f d0 27 a6 a7 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ether
net NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.0     192.168.2.2       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0      192.168.2.2     192.168.2.2       30
      192.168.2.0    255.255.255.0      192.168.2.2     192.168.2.2       20
      192.168.2.2  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.2.255  255.255.255.255      192.168.2.2     192.168.2.2       20
        224.0.0.0        240.0.0.0      192.168.2.2     192.168.2.2       20
  255.255.255.255  255.255.255.255      192.168.2.2     192.168.2.2       1
Default Gateway:       192.168.2.0
===========================================================================
Persistent Routes:  None

arp -a showed no entries

Alan

That's better.

So can you access websites via URL ?

If so can you try setting PC2 to use DHCP and test with that one.

Jon

Hi Jon,

I did that before, and when you do an "show ip int br" the port comes up unassigned..

All the best from Alan

stewartrose wrote:

Hi Jon,

I did that before, and when you do an "show ip int br" the port comes up unassigned..

All the best from Alan

Sorry, you've lost me. What port ?

Jon

Hi Jon,

Ok what I have done is left a static ip on 0/1 port of Router, then switch everything of, and I do mean everthing, left it for 10mins

and brough each item back in turn, would you beleive it all now works, it is very slow to get to a website, but once you are on it, going though the pages is very fast, so I think ha ha, there is still a problem with the firewall, my next trick is to feed the router direct into the adsl router, nothing special it is an speedtouch 510 and bypass the firewall and see what happens..

Thank you again Jon, you have been a great help..

All the best from Alan

Alan

The speed could be duplex settings on your router. Check that everything is running full-duplex preferably at 100Mbps.

Glad we got there in the end

Please mark this post as solved.

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Alan

What is 192.168.1.3 ?

Did you do the ping from 192.168.2.x PC ?

Jon

Hi Jon,

192.168.1.3 is my PC1 from the ASA

ASA |---- PC1 < this is what i am using talking to this forum

        |----router-pc2 <---- i ping from here

               |

           con 0 <--- or here

All the best from Alan

So the ASA and internet connection is working from PC1 ?

If so can you add DNS servers manually to PC2 and then try and access the forum ?

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: