02-27-2013 06:17 AM - edited 03-11-2019 06:06 PM
Hi,
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. I tried lots of things but users are still not able to access the internet, nor can I ping anywhere. For example, when I ping 4.2.2.2 I don't get any reply. The running config is below for your reference:
HQ-ASA-01# show running-config
: Saved
:
ASA Version 7.0(6)
!
hostname HQ-ASA-01
domain-name srca.org.sa
enable password vGomFiNOfnKitujV encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.128
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.1.20.5 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
description For Mangement & ASDM Access
nameif MANAGEMENT
security-level 100
ip address 192.168.0.7 255.255.255.0
management-only
!
passwd GfJ0zeWqpgFx7jXA encrypted
banner exec Welcome to
banner exec Please disconnect the session immediately, If you not authorize.
banner login !!!!!! WARNING !!!!!!
banner login #######################################################################
banner login ACCESS TO THIS SYSTEM IS STRICTLY RESTRICTED TO AUTHORIZED PERSON ONLY
banner login UNAUTHORIZED PERSON ARE NOT ALLOWED TO ACCESS THIS SYSTEM.THIS SYSTEM
banner login IS MONITORED & LOGED.
banner login #######################################################################
ftp mode passive
clock timezone AST 3
access-list OUTSIDE_IN_ACL extended permit icmp any any echo-reply
access-list OUTSIDE_IN_ACL extended permit icmp any any time-exceeded
access-list OUTSIDE_IN_ACL extended permit icmp any any echo
access-list OUTSIDE_IN_ACL extended permit tcp any any eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu MANAGEMENT 1500
icmp permit any outside
icmp permit any inside
icmp permit any MANAGEMENT
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 x.x.x.x-x.x.x.x netmask 255.255.255.128
nat (inside) 1 10.1.20.0 255.255.255.0
static (inside,outside) tcp x.x.x.x www 10.1.20.7 8080 netmask 255.255.255.255
static (inside,outside) x.x.x.x 192.168.0.244 netmask 255.255.255.255
static (inside,outside) x.x.x.x 192.168.0.71 netmask 255.255.255.255
access-group OUTSIDE_IN_ACL in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password ZjE9y3gyrnCUpp24 encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http 192.168.0.83 255.255.255.255 inside
http 192.168.0.244 255.255.255.255 inside
http 192.168.0.71 255.255.255.255 inside
http 192.168.0.83 255.255.255.255 MANAGEMENT
http 192.168.0.244 255.255.255.255 MANAGEMENT
http 192.168.0.71 255.255.255.255 MANAGEMENT
snmp-server location Head Quarter
snmp-server contact xxxxxxxxx
snmp-server community xxxxxxxx
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.101 255.255.255.255 inside
telnet 192.168.0.71 255.255.255.255 inside
telnet 192.168.0.72 255.255.255.255 inside
telnet 192.168.0.101 255.255.255.255 MANAGEMENT
telnet 192.168.0.71 255.255.255.255 MANAGEMENT
telnet 192.168.0.72 255.255.255.255 MANAGEMENT
telnet 192.168.0.7 255.255.255.255 MANAGEMENT
telnet timeout 30
ssh 192.168.0.0 255.255.255.0 MANAGEMENT
ssh timeout 5
console timeout 0
management-access MANAGEMENT
!
class-map New_inspection
class-map inspection_daefault
class-map inspection_default
!
ntp server 10.1.20.101 source inside
Cryptochecksum:dce8e214347881c43cf85fa8c7ea6cd5
: end
HQ-ASA-01#
I have two different networks in my LAN:
10.1.0.0 & 192.168.0.0
Kindly help me out.
02-27-2013 06:24 AM
Hi,
Default setting is usually the following
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
service-policy global_policy global
- Jouni
02-27-2013 06:55 AM
Hi Jouni,
Thanks for your quick response. I really appreciate it.
I have added the following default settings:
class-map New_inspection
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
ntp server 10.1.20.101
Cryptochecksum:d5b05c72d3bd4847c00227f45ac775c5
: end
HQ-ASA-01#
Jouni, I have multiple subnets in my buildings which are connected to the Core switch, which in turn is connected to the ASA. Do you want me to remove the management-only from the 192.168.0.0 network or add a separate subnet for it?
Regarding the route, I have only one default route for outside. Do I have to specify routes for internal networks as well?
I have configured some NAT, kindly check:
nat-control
global (outside) 10 interface
nat (inside1) 10 access-list TRAFFIC-OUT
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside1 10.1.0.0 255.255.0.0 192.168.0.136 1
Please suggest what else to do.
02-27-2013 09:10 AM
Hi,
A bit hard to say anything for certain as I don't have the whole picture.
You posted configurations that refer to an interface "inside1" which isn't mentioned in the first configuration, so I have no idea how the configuration looks at the moment.
For that matter I have no idea about the local switch configurations either.
- Jouni
03-04-2013 10:22 AM
Hi Jouni,
Sorry for being late. Actually, I was busy with something else. Still the same problem; however, I've made some changes to the config as below:
ASA 5510-7.0(6)
!
hostname HQ-ASA-01
domain-name ABCD
enable password vGomFiNOfnKitujV encrypted
names
no dns-guard
!
interface Ethernet0/0
description ****Untrusted_Outside****
nameif outside
security-level 0
ip address xxx.xxx.167.130 255.255.255.128
ospf authentication null
!
interface Ethernet0/1
no nameif
no security-level
no ip address
!
interface Ethernet0/2
description ****Trusted_LAN_Network*****
nameif inside
security-level 100
ip address 10.1.16.75 255.255.255.0
ospf authentication null
!
interface Management0/0
description For Mangement & ASDM Access
nameif MANAGEMENT
security-level 100
ip address 192.168.0.7 255.255.255.0
management-only
!
passwd GfJ0zeWqpgFx7jXA encrypted
banner exec Welcome to Authority
banner exec Please disconnect the session immediately, If you not authorize.
banner login !!!!!! WARNING !!!!!!
banner login #######################################################################
banner login ACCESS TO THIS SYSTEM IS STRICTLY RESTRICTED TO AUTHORIZED PERSON ONLY
banner login UNAUTHORIZED PERSON ARE NOT ALLOWED TO ACCESS THIS SYSTEM.THIS SYSTEM
banner login IS MONITORED & LOGED.
banner login #######################################################################
boot system disk0:/asa706-k8.bin
ftp mode passive
clock timezone AST 3
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list TRAFFIC_OUT extended permit ip any any
access-list outside_acess_in extended permit tcp any any
access-list outside_acess_in extended permit tcp any any eq https
access-list outside_acess_in extended permit tcp any any eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu MANAGEMENT 1500
icmp permit any outside
icmp permit any MANAGEMENT
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 20 xxx.xxx.167.140-82.118.167.254 netmask 255.255.255.128
nat (inside) 20 access-list TRAFFIC_OUT
route outside 0.0.0.0 0.0.0.0 82.118.167.129 1
route inside 10.1.0.0 255.255.0.0 192.168.0.136 1
!
router ospf 1
network 10.1.0.0 255.255.0.0 area 0
log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password 77hMTjqs7QBrE4nZ encrypted privilege 15
username cisco password USOq9S238LRjFqK0 encrypted privilege 15
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.0.83 255.255.255.255 MANAGEMENT
http 192.168.0.244 255.255.255.255 MANAGEMENT
http 192.168.0.71 255.255.255.255 MANAGEMENT
http 192.168.0.7 255.255.255.255 MANAGEMENT
http 192.168.0.0 255.255.255.0 MANAGEMENT
snmp-server location Head Quarter
snmp-server contact
snmp-server community $$$$$$$$$$
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.0.101 255.255.255.255 MANAGEMENT
telnet 192.168.0.71 255.255.255.255 MANAGEMENT
telnet 192.168.0.72 255.255.255.255 MANAGEMENT
telnet 192.168.0.7 255.255.255.255 MANAGEMENT
telnet 192.168.0.83 255.255.255.255 MANAGEMENT
telnet timeout 30
ssh 192.168.0.0 255.255.255.0 MANAGEMENT
ssh timeout 5
console timeout 0
management-access MANAGEMENT
!
class-map ABCD_inspection
class-map inspection_daefault
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
ntp server 10.1.20.101
Cryptochecksum:57babc115fccbbc0cc59adfc7121112f
: end
HQ-ASA-01#
My e0/2 is attached to the Core switch, from where my 10.1.0.0 network is coming. I have eight floors, all defined in different VLANs. Each floor's switch (Nortel) is connected to the Core Switch (4507R-E). All the users who are in these VLANs are not able to access the internet through this ASA 5510. If you need anything else, please tell me.
Kindly help/suggest to solve this.
03-04-2013 10:33 AM
Hi,
Regarding the NAT
You don't need a Policy NAT configuration.
A typical NAT configuration in your case would be
global (outside) 20 xxx.xxx.167.140-82.118.167.254 netmask 255.255.255.128
nat (inside) 20 10.1.0.0 255.255.0.0
And the routing still doesn't seem correct to me
route inside 10.1.0.0 255.255.0.0 192.168.0.136 1
You are configuring that network 10.1.0.0/16 is found through the "inside" interface. The gateway IP address is however incorrect. It can't point to an IP address that is not part of the network of the "inside" interface.
If you have a network 10.1.16.0/24 between the core switch and the ASA then the ASA "inside" routes should be pointing towards the IP address on network 10.1.16.0/16 that is configured on the core switch. Naturally the core switch should have some route towards the "inside" interface IP address of 10.1.16.75 for traffic to flow to the ASA.
- Jouni
03-05-2013 04:05 AM
Hi Jouni,
I'm a little bit confused on this. The requirement is that all the users on different floors must access the internet through the firewall.
When I see the config of the Core switch, there are different VLANs for each floor and they are connected to the core switch. All the VLANs are defined in the core switch. But I'm unable to get any of those networks onto my ASA. Here is the config for the Core Switch:
Current configuration : 18527 bytes
!
hostname HQ_Prim_Core_Swt
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xj2Z$TmV9chRtQWCuXYMsCtBVW/
enable password 7 13521317135C0729
!
username admin password 7 011202095205465E74
username srca password 7 120D09121C0E1F417F7D1A7D65
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.1.10.1 10.1.10.20
ip dhcp excluded-address 10.1.11.1 10.1.11.20
ip dhcp excluded-address 10.1.12.1 10.1.12.20
ip dhcp excluded-address 10.1.13.1 10.1.13.20
ip dhcp excluded-address 10.1.14.1 10.1.14.20
ip dhcp excluded-address 10.1.15.1 10.1.15.20
ip dhcp excluded-address 10.1.16.1 10.1.16.20
ip dhcp excluded-address 10.1.17.1 10.1.17.20
ip dhcp excluded-address 10.1.18.1 10.1.18.20
ip dhcp excluded-address 10.1.11.241 10.1.11.254
ip dhcp excluded-address 10.1.10.241 10.1.10.254
ip dhcp excluded-address 10.1.12.241 10.1.12.254
ip dhcp excluded-address 10.1.13.241 10.1.13.254
ip dhcp excluded-address 10.1.14.241 10.1.14.254
ip dhcp excluded-address 10.1.15.241 10.1.15.254
ip dhcp excluded-address 10.1.16.241 10.1.16.254
ip dhcp excluded-address 10.1.17.241 10.1.17.254
ip dhcp excluded-address 10.1.18.241 10.1.18.254
ip dhcp excluded-address 192.168.0.1 192.168.0.40
!
ip dhcp pool VLAN1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.136
dns-server 192.168.0.1 192.168.0.6
netbios-name-server 192.168.0.1 192.168.0.6
netbios-node-type h-node
!
ip dhcp-server 192.168.0.136
vtp mode transparent
cluster run
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
vlan internal allocation policy ascending
!
vlan 10
name Ground_Floor
!
vlan 11
name First_Floor
!
vlan 12
name Second_Floor
!
vlan 13
name Third_Floor
!
vlan 14
name Fourth_Floor
!
vlan 15
name Fifth_Floor
!
vlan 16
name Sixth_Floor
!
vlan 17
name Seventh_Floor
!
vlan 18
name Eighth_Floor
!
vlan 19
name Management
!
vlan 20
name Servers
!
vlan 21
name IP-Cameras
!
vlan 22
name Src_Voice
!
vlan 23
name Src_Vsat
!
vlan 30
!
vlan 31
name cloud
!
vlan 121
!
!
class-map match-all YOU
class-map match-all httpurl
!
interface GigabitEthernet5/9
switchport access vlan 16
switchport mode access
!
interface GigabitEthernet5/43
switchport mode access
!
interface Vlan10
ip address 10.1.10.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 10 ip 10.1.10.250
standby 10 preempt
!
interface Vlan11
ip address 10.1.11.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 11 ip 10.1.11.250
standby 11 preempt
!
interface Vlan12
ip address 10.1.12.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 12 ip 10.1.12.250
standby 12 preempt
!
interface Vlan13
ip address 10.1.13.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 13 ip 10.1.13.250
standby 13 preempt
!
interface Vlan14
ip address 10.1.14.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 14 ip 10.1.14.250
standby 14 preempt
!
interface Vlan15
ip address 10.1.15.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 15 ip 10.1.15.250
standby 15 preempt
!
interface Vlan16
ip address 10.1.16.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 15 preempt
standby 16 ip 10.1.16.250
standby 16 preempt
!
interface Vlan17
ip address 10.1.17.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 17 ip 10.1.17.250
standby 17 preempt
!
interface Vlan18
ip address 10.1.18.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 18 ip 10.1.18.250
standby 18 preempt
!
interface Vlan19
ip address 10.1.19.251 255.255.255.0
standby 19 ip 10.1.19.250
standby 19 preempt
!
interface Vlan20
ip address 10.1.20.251 255.255.255.0
standby 20 ip 10.1.20.250
standby 20 preempt
!
interface Vlan21
ip address 10.1.21.251 255.255.255.0
standby 21 ip 10.1.21.250
standby 21 preempt
!
interface Vlan22
ip address 10.1.22.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
standby 22 ip 10.1.22.250
standby 22 preempt
!
interface Vlan23
ip address 10.1.23.251 255.255.255.0
ip helper-address 10.1.20.101
ip helper-address 10.1.20.102
shutdown
standby 23 ip 10.1.23.250
standby 23 preempt
!
interface Vlan30
ip address 192.168.30.13 255.255.255.0
standby 30 ip 192.168.30.12
standby 30 preempt
!
interface Vlan31
ip address 10.101.1.53 255.255.255.0
!
interface Vlan121
ip address 192.168.168.251 255.255.255.0
shutdown
!
ip route profile
ip route 0.0.0.0 0.0.0.0 192.168.0.9
ip route 10.1.0.0 255.255.255.252 192.168.0.9
ip route 10.36.0.0 255.255.0.0 192.168.0.9
ip route 10.66.4.88 255.255.255.252 10.101.1.51
ip route 10.200.7.156 255.255.255.252 10.101.1.51
ip route 10.201.20.0 255.255.255.0 10.20.6.6
ip route 172.16.0.0 255.255.0.0 192.168.0.9
ip route 192.168.99.0 255.255.255.0 192.168.0.9
ip http server
ip http secure-server
!
!
route-map Operations permit 10
match ip address 30
set interface GigabitEthernet2/3
!
Kindly help/suggest.
03-05-2013 04:37 AM
Oh well,
I had just written a long post and the browser thought it would be a good idea to go back one page and lost all that I had written.
Another try. Maybe this time the browser won't decide to do anything special.
So again I don't see any logic with the Static Routing either on the ASA or the Core device when it comes to routing traffic through the ASA.
Core
Where is this route pointing towards? It's not the ASA at least.
ip route 0.0.0.0 0.0.0.0 192.168.0.9
ASA
As I stated before, the static route on the ASA doesn't make any sense either
route inside 10.1.0.0 255.255.0.0 192.168.0.136 1
The reason being that the gateway IP set (192.168.0.136) IS NOT part of the subnet that is configured on the "inside" interface.
Is the ASA supposed to handle all the Internet traffic and is ALL TRAFFIC from the LAN supposed to go through the ASA to the Internet?
If this is the case I think you will need to change the configurations
ASA
interface Ethernet0/2
description ****Trusted_LAN_Network*****
nameif inside
security-level 100
no ip add
ip add 192.168.255.1 255.255.255.0
no route inside 10.1.0.0 255.255.0.0 192.168.0.136 1
route inside 10.1.0.0 255.255.0.0 192.168.255.2
Core
vlan 255
name Core-to-ASA
interface Vlan255
description Core-to-ASA
ip add 192.168.255.2 255.255.255.0
no shutdown
interface
description Core-to-ASA
switchport mode access
switchport access vlan 255
switchport nonegotiate
spanning-tree portfast
no ip route 0.0.0.0 0.0.0.0 192.168.0.9
ip route 0.0.0.0 0.0.0.0 192.168.255.1
I MUST STRESS that you only do these configurations if, after going through the whole core switch configuration, it would seem that it doesn't cause any problems with existing working connections. I can't see the whole core configuration and can't really take everything into consideration.
I don't know where the current default route points to, for example. I don't know if the 192.168.0.9 is actually some Internet router you have. In that case changing the default route would naturally mean that all traffic would begin to go through the ASA and potentially break something.
But at the end, to get some connections to go through the ASA you will need to route something towards its "inside" interface and have the Core to ASA link in order, which it doesn't seem to be at the moment.
The OSPF routing in your Core and ASA is also a mystery to me, so that again is something I can't comment on at the moment. The suggestion that I made relies simply on Static routing on both the ASA and the Core device.
- Jouni
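The point made in the two replies above (the gateway of a static route must sit inside the subnet of the interface the route is bound to) can be checked mechanically before a config is loaded. The following Python sketch is an added example, not part of the original thread or any Cisco tool; the function names are hypothetical and the outside addresses are placeholders from the documentation range.

```python
import ipaddress
import re

# Constructed sample. The inside address and the inside route are the values
# posted in the thread; the outside addresses are placeholders (203.0.113.0/24).
BROKEN = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.130 255.255.255.128
!
interface Ethernet0/1
 no nameif
 no ip address
!
interface Ethernet0/2
 nameif inside
 ip address 10.1.16.75 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.129 1
route inside 10.1.0.0 255.255.0.0 192.168.0.136 1
"""

# Same config after the change suggested in the thread: a dedicated
# 192.168.255.0/24 link, with the core switch at 192.168.255.2.
FIXED = (BROKEN
         .replace("10.1.16.75 255.255.255.0", "192.168.255.1 255.255.255.0")
         .replace("192.168.0.136 1", "192.168.255.2 1"))

# route <nameif> <destination> <mask> <gateway> [metric]
ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_interfaces(config):
    """Map each nameif to the address/mask configured in the same interface block."""
    interfaces, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None                      # new block, no nameif seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            parts = line.split()
            try:
                interfaces[name] = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
            except (ValueError, IndexError):
                pass                         # masked (x.x.x.x) or incomplete address
    return interfaces


def check_routes(config):
    """Return (nameif, gateway, interface_network) for every off-link next hop."""
    interfaces = parse_interfaces(config)
    findings = []
    for raw in config.splitlines():
        match = ROUTE_RE.match(raw.strip())  # "no route ..." lines do not match
        if not match:
            continue
        nameif, _dest, _mask, gateway = match.groups()
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue                         # masked gateway, cannot be checked
        iface = interfaces.get(nameif)
        if iface is None:
            findings.append((nameif, gateway, None))
        elif gw not in iface.network:
            findings.append((nameif, gateway, str(iface.network)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", BROKEN), ("suggested", FIXED)):
        print(label, check_routes(cfg) or "all next hops are on-link")
```
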
03-06-2013 01:45 PM
Hi Jouni,
I'm really sorry for not mentioning this fact from the beginning. Actually, all the users are accessing the internet through the Juniper, i.e. 192.168.0.9. That's the reason you are seeing the default route in the config of the switch.
The requirement states that this connection via the ASA should be a backup one. Is it possible to configure that on the Cisco 4507 R-E switch?
If I do anything as you mentioned above, the users will not be able to access the internet.
So kindly suggest how I should proceed.
03-07-2013 02:23 PM
Hi Jouni,
Thanks a lot for your help. I disabled the older config by backing it up and tried a new config as you said, and it worked.
But the problem is I was able to access it on the 6th floor (on which my data room is located). When I tried accessing the internet from other floors I was unable to do so.
Kindly suggest what else has to be done in addition to what you mentioned in the previous answer.