cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1596
Views
5
Helpful
3
Replies

Cisco ASA5510 configuration help

MartynasSm
Level 1
Level 1

Hi,

 

I need some help with Cisco ASA configuration. Basically I have one dummy switch used to feed my active/passive firewall.

 

On that switch I have following configuration:

 

ip subnet-zero
ip routing
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.113
!
vlan 101
name insideVLAN
!
!
!
interface vlan 101
description *** Inside vlan ***
ip address 192.168.101.1 255.255.255.0
!
interface FastEthernet2/0/1
description *** uplink to active fw ***
switchport access vlan 101
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard disable
!
interface FastEthernet2/0/2
description *** uplink to standby fw ***
switchport access vlan 101
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard disable
!

interface FastEthernet2/0/48
description *** Level3 Uplink ***
no switchport access vlan 10
no switchport mode access
no switchport nonegotiate
ip address xx.xx.xx.114 255.255.255.248
no shutdown
!

 

I can ping google or anything else from this switch. Problem starts when I connect firewall to this switch. I can't get it to communicate with internet... I've attached my firewall config. Firewall itself is then connected to switch stack (also config attached). And switch stack then feeds user switches (also attached config).

 

Any help would be highly appreciated.

 

Regards,

 

Martynas

 

 

3 Replies 3

FBMTRAV
Level 1
Level 1

Try creating a layer 2 VLAN, make the port to Level3 and your firewall access ports on that VLAN. Also try removing switchport nonegotiate.

 

conf t

vlan 200

name INET

!

interface FastEthernet2/0/1
description *** uplink to active fw ***
switchport access vlan 200

switchport mode access

spanning-tree portfast

!
interface FastEthernet2/0/2
description *** uplink to standby fw ***
switchport access vlan 200
switchport mode access
spanning-tree portfast
!

interface FastEthernet2/0/48

description *** Level3 Uplink ***
switchport access vlan 200

switchport mode access
no shutdown

Your firewall outside port will need the Level3 IP assigned;

 

ip address xx.xx.xx.114 255.255.255.248

pappacrunch
Level 1
Level 1

Do you have PAT configured on the firewall? If not try adding:

 

object network lab-inside

subnet 192.168.100.0 255.255.255.0

nat (lab-inside, outside) dynamic interface

access-group LAB->OUTSIDE in interface lab-inside

 

This should ensure the correct traffic flow on the ASA. 

Let me know if this helps. 

Thanks.

Review Cisco Networking for a $25 gift card