cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
988
Views
0
Helpful
7
Replies

Cisco asa 5505 with Router 881w Configuration Help

Heber Trejo
Level 1
Level 1

Hello all,

I'm having trouble setting up a second vlan to route to the internet. I have a Cisco ASA 5505 connected to my ISP(OUTSIDE) and a Cisco 881w (INSIDE) router in the back of my firewall. My vlan 10 with the network 192.168.5.1 255.255.255.0 works with pat, however vlan 15 that is on my 881w router does not route to the internet at all. I can only ping from 192.168.15.15 network to 192.168.5.1 I would like some advice on how can I make this set up work. Attached with this discussion is a picture of my topology.

Thanks in advance.

 

here are the show runs:

 

Cisco ASA 5505 show run:

ASA Version 8.3(1)

!

names

!

interface Vlan1

 no nameif

 no security-level

 no ip address

!

interface Vlan5

 mac-address xxxx.xxxx.xxxx

 nameif OUTSIDE

 security-level 0

 ip address dhcp setroute

!

interface Vlan10

 nameif INSIDE

 security-level 100

 ip address 192.168.5.1 255.255.255.0

!

interface Ethernet0/0

 switchport access vlan 5

!

interface Ethernet0/1

 switchport access vlan 10

!

interface Ethernet0/2

 

!

interface Ethernet0/3

 shutdown

!

interface Ethernet0/4

 shutdown

!

interface Ethernet0/5

 shutdown

!

interface Ethernet0/6

 shutdown

!

interface Ethernet0/7

 shutdown

 

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

object network INTERNAL_LAN

 subnet 192.168.5.0 255.255.255.0

object network PRIVATE_LAN_192

 subnet 192.168.15.0 255.255.255.224

 description PRIVATE_LAN_192

access-list INSIDE_access_in extended permit ip any any

access-list INSIDE_access_in extended deny ip any any

access-list OUTSIDE_access_in extended permit ip any any

access-list OUTSIDE_access_in extended deny ip any any

pager lines 24

logging enable

 

mtu OUTSIDE 1500

mtu INSIDE 1500

ip verify reverse-path interface OUTSIDE

ip verify reverse-path interface INSIDE

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

!

object network INTERNAL_LAN

 nat (INSIDE,OUTSIDE) dynamic interface

object network PRIVATE_LAN_192

 nat (INSIDE,OUTSIDE) dynamic interface

access-group OUTSIDE_access_in in interface OUTSIDE

access-group INSIDE_access_in in interface INSIDE

route INSIDE 192.168.15.0 255.255.255.224 192.168.5.2 1

dynamic-access-policy-record DfltAccessPolicy

http server enable

dhcpd dns 8.8.8.8 75.75.76.76

!

dhcpd address 192.168.5.10-192.168.5.100 INSIDE

dhcpd enable INSIDE

!

-----------------------------------------------------

Router 881w show run:

Current configuration : 4912 bytes
!
version 12.4

no ip source-route
ip dhcp excluded-address 192.168.15.1 192.168.15.10
!
ip dhcp pool PRIVATE_LAN
   network 192.168.15.0 255.255.255.224
!
interface FastEthernet0
 switchport trunk allowed vlan 1,15,1002-1005
 switchport mode trunk
!
interface FastEthernet1

!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 192.168.5.2 255.255.255.0
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan1
 no ip address
!
interface Vlan15
 ip address 192.168.15.1 255.255.255.224
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
ip http authentication local
ip http secure-server
!
!

7 Replies 7

petenixon
Level 3
Level 3

Whilst I look through your config, can you give a little more info about the cable modem? Does it contain any configuration?

The cable modem does not have any configuration. I cant add any to it. Its a cisco dpc3008. From vlan 10 i have no problem to get to the internet with the above  configuration. My problem is just vlan 15.

Can you post the output of a pack-tracer from inside (vlan 15) to outside.

Can you post the output of the command "show nat"

I've added a pc to vlan 10 and it routes to the internet.

john.trinh
Level 1
Level 1

Hi Heber,

I have a similar network at home:

Motorola Modem>ASA5510>881W>3780>3780.

Did you ever resolve your issue?

Regards,

John T

Yes I did, are you having a problem?

Review Cisco Networking for a $25 gift card