04-23-2015 03:39 AM - edited 03-11-2019 10:49 PM
Hi
I have a Cisco 5510 ASA, and from a workstation I want to create a new route to another router (outside) facing my ISP.
From the workstation I can ping the ASA E0/2 interface, but I can't ping the ISP B router's inside and outside interfaces.
I based all my configuration on the existing config, which has been working until now.
interface Ethernet0/0
description outside interface
nameif outside
security-level 0
ip address 122.55.71.138 255.255.255.2
!
interface Ethernet0/1
description inside interface
nameif inside
security-level 100
ip address 10.34.63.252 255.255.240.0
!
interface Ethernet0/2
description outside interface
nameif outsides
security-level 0
ip address 121.97.64.178 255.255.255.240
!
global (outside) 1 interface
global (outsides) 2 interface ( I created this for E0/2)
nat (inside) 0 access-list nonat
nat (inside) 1 10.34.48.11 255.255.255.255 (Working: To E0/0 to Router ISP A inside and outside interface)
nat (inside) 2 10.34.48.32 255.255.255.255 (Working: To E0/2 to Router ISP A inside interface only but outside can't ping).
route outside 0.0.0.0 0.0.0.0 122.55.71.139 1 (Working)
route outside 10.34.48.32 255.255.255.255 121.97.64.179 1 (Test For New Route)
ISP Router A: working. I can ping and I can access the internet.
interface FastEthernet0/0
description Connection to ASA5510
ip address 122.55.71.139 255.255.255.248
no ip redirects
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface S0/0
ip address 111.54.29.122 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
!
ip nat inside source static 122.55.71.139 111.54.29.122
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ISP 2
interface FastEthernet0/0 ( ASA Can ping this interface)
description Connection to ASA5510
ip address 121.97.64.179 255.255.255.248
no ip redirects
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface E0/0 (ASA can't ping this interface)
ip address 121.97.69.122 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
!
ip nat inside source static 121.97.64.179 121.97.69.122
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 E0/0
CABLES
ASA to ISP Router B ( Straight through Cable)
ISP Router to IDU ( Straight through Cable)
Hope you could give some tips and a solution for this kind of problem. Thanks.
04-23-2015 10:55 PM
Hi,
You can only use a single Default route on the ASA device.
Now, as per your requirement,
route outside 10.34.48.32 255.255.255.255 121.97.64.179 1 (Test For New Route)
(Why do you have this route on the ASA device?) I see this in the inside interface subnet.
Route lookup would be destination based.
Are you looking to route specific traffic out through the "outsides" interface?
If yes, this configuration would not work unless you use some workaround configuration on the ASA device.
Refer:
https://supportforums.cisco.com/document/59986/loadbalancing-dual-isp-asa
https://supportforums.cisco.com/document/49756/asapix-load-balancing-between-two-isp-options
Thanks and Regards,
Vibhor Amrodia
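An added example, not part of the original thread and not Cisco's code: a simplified longest-prefix-match model of the routes posted above, showing that the lookup is keyed on the destination only, so neither the /32 for 10.34.48.32 nor a second default with a higher metric steers that workstation's traffic to "outsides". The function names, the constructed second default route, and the omission of the connected network on "outside" (its mask is truncated in the post) are assumptions.

```python
import ipaddress

# Static and connected routes from the ASA config posted in this thread:
# (prefix, egress interface, next hop or None if connected, metric).
# Assumption: the connected network on "outside" is omitted because its
# mask is truncated in the post; the default route covers it here.
ROUTES = [
    ("10.34.48.0/20", "inside", None, 0),             # Ethernet0/1
    ("121.97.64.176/28", "outsides", None, 0),        # Ethernet0/2
    ("0.0.0.0/0", "outside", "122.55.71.139", 1),
    ("10.34.48.32/32", "outside", "121.97.64.179", 1),  # "Test For New Route"
]
# Constructed for illustration: a second default with a higher metric.
SECOND_DEFAULT = ("0.0.0.0/0", "outsides", "121.97.64.179", 2)


def lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination; lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifc, next_hop, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        rank = (net.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, (str(net), ifc, next_hop))
    return best[1] if best else None


def egress(src, dst, routes=ROUTES):
    """src is validated but never consulted: selection is destination based."""
    ipaddress.ip_address(src)
    return lookup(dst, routes)


if __name__ == "__main__":
    for src, dst in [("10.34.48.32", "121.97.64.179"),   # ISP 2 Fa0/0
                     ("10.34.48.32", "121.97.69.122"),   # ISP 2 E0/0
                     ("10.34.48.11", "121.97.69.122"),   # other NAT'd host
                     ("121.97.69.122", "10.34.48.32")]:  # reply to workstation
        print(f"{src} -> {dst}: {egress(src, dst)}")
```

In this model the test /32 only matches packets addressed to 10.34.48.32 itself, and it wins over the connected inside /20 for that one address.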
04-23-2015 11:12 PM
04-23-2015 11:17 PM
Hi,
Although PBR has been introduced, it will not be supported on this ASA device.
The only workaround is the one in the URL link that I provided to you earlier.
Thanks and Regards,
Vibhor Amrodia
04-23-2015 11:47 PM
Hi,
Are you able to ping the router interface IP from the ASA device? If yes, try a packet trace on the ASA device for the traffic for the router IP address.
Thanks and Regards,
Vibhor Amrodia
04-24-2015 06:50 AM
Hi,
Yes, from the firewall I can ping the router's inside and outside interfaces.
Regarding packet trace, it's not enabled on my ASA, but when I try to enable it there are some commands not supported by my version.
Thanks
04-23-2015 11:21 PM
But for now I want to ping my Router B inside and outside interfaces, but it seems that the firewall is not passing, or maybe the router is not permitting, my packets from my workstation.
-mtu outsides 1500
-icmp permit any outsides
-global (outsides) 2 interface
-nat (inside) 2 10.34.50.32 255.255.255.255
-route outsides 0.0.0.0 0.0.0.0 121.97.64.179 2 (Router Inside Interface)
-route inside 10.34.50.0 255.255.255.0 10.34.63.254 1
Please see the attached file. Test ping