05-04-2013 07:57 PM
I am having some trouble routing an existing MPLS connection. The MPLS is managed by our ISP and is working. I am trying to put in a new 5512 ASA and I have added a static route "route inside mpls_remotenetwork mpls_gateway". This route works on my Sonicwall currently but not on my new Cisco. The only other route is the default gateway and directly connected interfaces.
I am not sure if I am missing something.
Sent from Cisco Technical Support iPhone App
05-05-2013 02:47 AM
Hello Doug,
This may be a stupid question, but I will ask anyway.
Is the interface toward the ISP device the inside interface? That does not make much sense to me; I would expect it to be an outside interface. Is there any reason for this?
-> I thought that maybe you just made a mistake and it is the outside interface.
If it is really the inside interface, what do you mean by "it does not work"? After configuration, do you see this route in the routing table and configuration? Any error message?
Best Regards
Please rate all helpful posts and close solved questions
05-05-2013 12:56 PM
So you think that I might need to issue the intra network command. I believe inter is issued when enabling same security.
Sent from Cisco Technical Support iPhone App
05-05-2013 04:16 AM
The MPLS connection has a connection to my switch directly inside my network. With my current Sonicwall setup I simply add a static default route for any address on the remote network to use the MPLS local address. With the Cisco ASA I add the above route and I can ping addresses on the other end but I cannot access any systems, i.e. PCs or the firewall at the other end.
Sent from Cisco Technical Support iPhone App
05-05-2013 01:55 PM
Hello Doug,
A sketch of your topology would help; right now we can only guess what is where.
- the MPLS connection has a connection to my switch directly inside my network
- with my current Sonicwall setup I simply add a static default route for any address on the remote network use the MPLS local address
- with the cisco asa I add the above route and I can ping addresses on the other end but I cannot access any systems. ie pcs or firewall at the other end.
Do you want to replace the Sonicwall with the new ASA, or do you want to use them both?
What device is on the other end of the MPLS connection?
Does this device permit traffic from the new ASA?
What is the configuration of the ASA? Maybe it is not properly configured.
As I asked earlier, do you see the static route in the routing table after configuration, or is it rejected for some reason?
As I said, we can only guess where the problem could be, so please provide some more additional info.
Best Regards
Please rate all helpful posts and close solved questions
05-06-2013 04:48 AM
Sorry I was not more thorough in my original post. Currently we have a Sonicwall firewall in place. The Sonicwall (UTM) does handle our internal routing as well as the IPS system. We have a vendor-supplied Cisco router that supplies our internet as well as an MPLS connection to another location. The internet connection is connected to the outside port of the Sonicwall. The MPLS connection goes straight into our switch, which would put it connected to our inside port. Currently we have just needed to add a static route to our Sonicwall and traffic flows through the MPLS connection to the remote end. I am trying to replace the Sonicwall with a Cisco ASA 5512. Everything comes up fine except I cannot access the remote network. I have added in the static route to the MPLS but that has not helped. The odd part is I can ping the devices at the other end, I just cannot access them (RDP, HTTPS). I have enabled same security inter and intra. I thought that intra would take care of my issue but it did not. Am I missing an access rule that needs to be in place?
Thanks again for any help provided.
inside network 192.169.1.0\24
MPLS network 192.169.2.0\24
current static route entered
route inside 192.169.2.0 255.255.255.0 192.169.1.253 1
05-06-2013 10:01 AM
I have read some today about hairpinning an interface. I cannot do it until tonight, but I wonder if I add a static NAT inside, inside statement for the remote network if it will work.
Has anyone else ever dealt with hairpinning on an ASA?
05-13-2013 12:58 PM
Hi Doug,
What version of code are you running on your ASA?
Do you have an access list on the inside interface of your ASA?
It may be worth asking this over in the security/firewalling support forum. I've had some problems with hairpinning on ASAs, and it depends on code versions as this feature has changed over time.