07-24-2011 03:05 AM - edited 03-11-2019 02:02 PM
I have a Cisco 877W router which has no issues and is working fine. However, I'd like to introduce my ASA5505 as the firewall in between LAN (192.168.0.0/24) and Router private range (10.1.1.0/24).
My setup: internet <- -> outside int (Dialer1) 122.x.x.x (Cisco 877W) <- -> inside 10.1.1.1 (FE0/0) <- -> outside int 10.1.1.2 (E0/0) (ASA5505) -> inside int 192.168.0.1 -> LAN
877W Ethernet0 -> ASA5505 Ethernet0 and is the only cable connected from 877 to ASA.
ASA 5505 Ethernet0/1-6 is used for wired devices on my LAN.
ASA 5505 Ethernet0/7 I'll reserve for DMZ server later.
From PC on LAN, I can ping 192.168.0.1 but cannot access 10.1.1.1 or 10.1.1.2.
On the ASDM 192.168.0.1 using ping tool, I can ping 10.1.1.1 and 10.1.1.2.
When I run packet tracer, it fails under NAT check.
I'm unable to get to the internet and I think it's the NAT part of ASA that's letting me down.
If anyone has any hints, it would be gladly appreciated.
I've attached my configs for 877W and ASA5505.
PS. The setup is *similar* to http://mcse-ccnp.blogspot.com/2009/05/cisco-asa-for-internet-access-sample.html
thanks,
Luke
07-24-2011 03:39 AM
Hi Luke,
So the issue is that you're not able to ping 10.1.1.1 from the PC on the inside LAN, correct? Please configure the following and let me know if it resolves the issue:
1. Configure "inspect icmp" for the ping replies to get back.
   policy-map global_policy
    class inspection_default
     inspect icmp
2. Add a static route to the outside next hop:
   route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
Let me know.
Regards,
Anu
07-24-2011 03:53 AM
Thanks, I'll give that a try.
I also cannot reach the internet.
The ASDM packet inspect tool says that there is a NAT problem.
07-24-2011 04:34 AM
Inspect icmp was the trick, but cannot route Internet to LAN.
Can ping 8.8.8.8 from router and can get to Internet but LAN inside ASA cannot. Still think it's NAT issue.
Sent from Cisco Technical Support iPhone App
07-24-2011 05:08 AM
Internet now works. I had route inside instead of the correct line below.
   route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
Thanks for your help.
Sent from Cisco Technical Support iPhone App
07-24-2011 07:12 AM
Hi Luke,
Sorry I missed your posts. Anyhow, I'm glad it works now!
Please mark this post as answered. Do rate the post if it was helpful!
Regards,
Anu
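Added example, not part of the original thread: the root cause here was a default route bound to the wrong interface (`route inside` with a next hop that lives on the outside subnet), so this sketch checks that every static route's next hop sits on the connected network of the interface it names. The sample config is constructed from the addresses given in the thread (it is not the poster's attached config), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample (not the poster's attached config); addresses follow the thread.
SAMPLE_BROKEN = """\
interface Vlan1
 nameif inside
 ip address 192.168.0.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 10.1.1.2 255.255.255.0
route inside 0.0.0.0 0.0.0.0 10.1.1.1 1
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("route inside", "route outside")


def interface_networks(config):
    """Map each nameif to the connected network from its static 'ip address' line."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block: forget the previous nameif
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(r"ip address (\d\S*) (\d\S*)", line)):
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets


def check_routes(config):
    """Return findings for static routes whose next hop is not on the named interface."""
    nets, findings = interface_networks(config), []
    for m in re.finditer(r"^route (\S+) (\S+) (\S+) (\d\S*)", config, re.M):
        ifname, dest, mask, gw = m.groups()
        hop = ipaddress.ip_address(gw)
        if ifname not in nets:
            findings.append(f"route to {dest}/{mask}: unknown interface '{ifname}'")
        elif hop not in nets[ifname]:
            owners = [n for n, net in nets.items() if hop in net]
            hint = f"; {gw} is on '{owners[0]}'" if owners else ""
            findings.append(f"route to {dest}/{mask} via {gw}: next hop not on '{ifname}'{hint}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, check_routes(cfg) or "OK")
```

Interfaces addressed by DHCP or PPPoE have no static `ip address` line and are reported as unknown, so review those routes by hand.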