02-13-2012 12:22 PM - edited 03-11-2019 03:29 PM
I just added a PIX515E to my lab (since this is a lab, if I need to change IP addresses, that is not a problem). I thought I configured it right, but I am not able to ping any of my other routers/PCs.
I have EIGRP on the other three routers, but not sure if I configured it right on the PIX.
The diagram below shows my current network topology (right now the PIX is connected via Ethernet 1 to the switch, not the router itself).
Please help:
PIX Version 8.0(4)32
!
hostname PIX515E
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.4.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object-group icmp-type ICMP-INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
router eigrp 1
network 192.168.4.0 255.255.255.0
!
route inside 0.0.0.0 255.255.255.0 192.168.2.1 1
route inside 192.168.2.0 255.255.255.0 192.168.4.0 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd ping_timeout 750
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
Cryptochecksum:05e5f0b9295e728c54e57736f278d283
: end
PIX515E#
02-13-2012 03:47 PM
Hello Jonathan,
So the diagram is not that clear, as you said the connection from the PIX goes to the switch and not the router!
Now the PIX is connected on the outside to a modem or a DHCP server device, so you have the default route pointing to the wrong interface; it should be route outside, not inside, I guess:
route inside 0.0.0.0 255.255.255.0 192.168.2.1 1
Now you are also using EIGRP; you are just publishing the network 192.168.4.0, which is where the other EIGRP neighbors are, so the config is fine.
Now if you cannot ping the directly connected devices you are troubleshooting the wrong device, as your configuration, which is really basic, is fine for your requirements.
Regards,
Julio
02-13-2012 05:29 PM
Ok, let me clear up what I am trying to do:
The diagram is accurate except for the PIX...All address are correct.
Cable Modem----->Pix----->Cisco 3640----->Cisco 3745-----Cisco 2610
Pix:
Ethernet 0 - Outside
Ethernet 1 - Inside (192.168.2.4)
Cisco 3640:
Ethernet 0/0 - Connection to Pix (192.168.2.6)
For the EIGRP to work, what networks do I need to put in the network statement to be able to ping all devices on the network?
Below are the configs for the rest of the network:
3640:
Current configuration : 1856 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3640-Internet
!
boot system flash c3640-ik9s-mz.122-40a.bin
!
username woodjl1650 privilege 15 password 0 henry999
memory-size iomem 25
ip subnet-zero
ip cef
!
!
ip domain-name www.jkkcc.com
ip name-server 192.168.2.127
ip name-server 192.168.2.128
ip dhcp excluded-address 192.168.2.1 192.168.2.150
!
ip dhcp pool 192.168.2.0/24
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.127 192.168.2.128 8.8.8.8 127.0.0.1
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0
ip address 10.0.1.9 255.255.255.252
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/1
ip address 10.0.1.5 255.255.255.252
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet3/0
no ip address
shutdown
half-duplex
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
!
router eigrp 1
network 10.0.0.0
network 192.168.0.0
network 192.168.2.0
no auto-summary
!
ip nat inside source list 15 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.128 80 interface FastEthernet0/0 80
ip nat inside source static tcp 192.168.2.128 25 interface FastEthernet0/0 25
ip classless
ip http server
ip http authentication local
!
access-list 15 permit 192.168.2.0 0.0.0.255
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
end
3745:
Building configuration...
Current configuration : 1531 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3745-Internet
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.150
!
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.2.127 192.168.2.128 8.8.8.8 127.0.0.1
!
!
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
ip name-server 192.168.2.128
!
username woodjl1650 privilege 15 password 0 henry999
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0
ip address 10.0.1.6 255.255.255.252
no fair-queue
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 1
network 10.0.1.4
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 192.168.2.0 255.255.255.0 192.168.20.0
!
ip http server
ip http authentication local
ip nat inside source list 15 interface FastEthernet0/0 overload
!
access-list 15 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
!
end
2610:
Building configuration...
Current configuration : 985 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash
boot-end-marker
!
no logging on
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.150
!
ip dhcp pool 192.168.3.0/24
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.2.127 192.168.2.128 8.8.8.8
!
!
username woodjl1650 privilege 15 password 0 henry999
!
!
!
!
interface Ethernet0/0
ip address 192.168.3.1 255.255.255.0
half-duplex
!
interface Serial0/0
ip address 10.0.1.10 255.255.255.252
clock rate 2000000
!
interface Serial0/1
no ip address
shutdown
!
router eigrp 1
network 10.0.0.0
network 192.168.3.0
no auto-summary
!
no ip http server
ip classless
!
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
!
end
02-13-2012 05:35 PM
Hello Jonathan,
For the EIGRP to work, what networks do I need to put in the network statement to be able to ping all devices on the network?
Only the 192.168.2.0/24
Can you ping the 3745 from the PIX (they are directly connected, so they should)?
02-13-2012 05:39 PM
No I can't ping any network.
PIX - Config:
PIX Version 8.0(4)32
!
hostname PIX515E
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.4.1 255.255.255.0
!
interface Ethernet2
shutdown
nameif DMZ
security-level 50
ip address 192.168.4.2 255.255.255.0
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object-group icmp-type ICMP-INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
router eigrp 1
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd ping_timeout 750
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
Cryptochecksum:9251654182c76b63f56201b20219052a
: end
02-13-2012 05:48 PM
Hello Jonathan,
I do not understand, on the first post you only have 2 interfaces now you have 3!!
Why are they on the same subnet!!
router eigrp 1
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
!
So outside interface network is 192.168.2.0 and inside interface network is 192.168.4.0
Please check the status of the interface on the ASA and the directly connected device.
I need the ASA's inside IP address (the right one, not 2 of them as in this post) and also the IP address of the device directly connected to the ASA...
Because as I can see, the Cisco 3640 is not on the same subnet as the ASA
Cable Modem----->Pix----->Cisco 3640----->Cisco 3745-----Cisco 2610
3640 ip :
ip address 192.168.2.1 255.255.255.0
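The two replies above flag the same class of mistake twice: a default route pointing out the inside interface (first reply) and two PIX interfaces on one subnet with an EIGRP network statement that matches neither of them (this reply). The following is an added example, not code from the thread or from Cisco: a small Python linter that reads only the PIX/ASA syntax that appears in these posts (interface blocks, `route`, `router eigrp ... network`) and reports those problems. The first sample config is assembled from the PIX configs posted above; the "fixed" config is a constructed assumption (inside on the 3640's subnet, DMZ without an address, no manual default route) and is not something the thread itself posted.

```python
"""Lint a PIX/ASA config for the routing mistakes discussed in this thread.

Added example; not from the original posts. Checks:
  SUBNET_OVERLAP      two named interfaces on the same subnet
  BAD_DEFAULT_MASK    0.0.0.0 with a non-zero mask is not a default route
  DEFAULT_NOT_OUTSIDE default route on one interface while another has dhcp setroute
  GW_OFF_LINK/GW_NOT_HOST  route gateway not a usable host on the egress interface
  EIGRP_NO_MATCH      network statement that covers no interface address
"""
import ipaddress

ANY = ipaddress.ip_address("0.0.0.0")

# Assembled from the PIX configs posted in this thread (second version's
# interfaces and EIGRP block, plus the two route lines from the first version).
POSTED_CONFIG = """\
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.4.1 255.255.255.0
!
interface Ethernet2
shutdown
nameif DMZ
security-level 50
ip address 192.168.4.2 255.255.255.0
!
router eigrp 1
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
!
route inside 0.0.0.0 255.255.255.0 192.168.2.1 1
route inside 192.168.2.0 255.255.255.0 192.168.4.0 1
"""

# Constructed corrected version (an assumption, not posted in the thread).
FIXED_CONFIG = """\
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.5 255.255.255.0
!
interface Ethernet2
nameif DMZ
security-level 50
no ip address
!
router eigrp 1
network 192.168.2.0 255.255.255.0
!
"""


def parse_config(text):
    """Return (interfaces keyed by nameif, EIGRP networks, static routes)."""
    interfaces, eigrp_nets, routes = {}, [], []
    cur = None  # current interface dict, "eigrp", or None
    for raw in text.splitlines():
        t = raw.strip().split()
        if not t or t[0].startswith("!"):
            cur = None  # "!" terminates a block
            continue
        if t[0] == "interface":
            cur = {"nameif": None, "level": None, "addr": None,
                   "setroute": False, "shutdown": False}
        elif t[:2] == ["router", "eigrp"]:
            cur = "eigrp"
        elif t[0] == "route" and len(t) >= 5:
            routes.append({"ifname": t[1],
                           "dest": ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False),
                           "gw": ipaddress.ip_address(t[4])})
        elif cur == "eigrp" and t[0] == "network":
            eigrp_nets.append(ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False))
        elif isinstance(cur, dict):
            if t[0] == "nameif":
                cur["nameif"] = t[1]
                interfaces[t[1]] = cur
            elif t[0] == "security-level":
                cur["level"] = int(t[1])
            elif t[0] == "shutdown":
                cur["shutdown"] = True
            elif t[:2] == ["ip", "address"]:
                if t[2] == "dhcp":
                    cur["setroute"] = "setroute" in t
                else:
                    cur["addr"] = ipaddress.ip_interface(f"{t[2]}/{t[3]}")
    return interfaces, eigrp_nets, routes


def lint(text):
    """Return a list of (code, message); an empty list means no findings."""
    ifaces, eigrp_nets, routes = parse_config(text)
    findings = []
    addressed = {n: i for n, i in ifaces.items() if i["addr"] is not None}
    setroute_if = next((n for n, i in ifaces.items() if i["setroute"]), None)

    seen = {}  # subnet -> first interface seen on it
    for n, i in addressed.items():
        net = i["addr"].network
        if net in seen:
            findings.append(("SUBNET_OVERLAP", f"{seen[net]} and {n} are both on {net}"))
        seen.setdefault(net, n)

    for r in routes:
        i = ifaces.get(r["ifname"])
        if i is None:
            findings.append(("ROUTE_NO_IFACE", f"no interface named {r['ifname']}"))
            continue
        is_default = r["dest"].network_address == ANY
        if is_default and r["dest"].prefixlen != 0:
            findings.append(("BAD_DEFAULT_MASK",
                             f"0.0.0.0 /{r['dest'].prefixlen} is not a default route; use 0.0.0.0 0.0.0.0"))
        if is_default and setroute_if and r["ifname"] != setroute_if:
            findings.append(("DEFAULT_NOT_OUTSIDE",
                             f"default route via {r['ifname']} but {setroute_if} already uses dhcp setroute"))
        if i["addr"] is not None:
            net = i["addr"].network
            if r["gw"] not in net:
                findings.append(("GW_OFF_LINK", f"gateway {r['gw']} is not on {r['ifname']} subnet {net}"))
            elif r["gw"] in (net.network_address, net.broadcast_address):
                findings.append(("GW_NOT_HOST", f"gateway {r['gw']} is the network/broadcast address of {net}"))

    for net in eigrp_nets:  # a network statement must cover at least one interface address
        if not any(i["addr"].ip in net for i in addressed.values()):
            findings.append(("EIGRP_NO_MATCH", f"network {net} matches no interface address"))
    return findings


if __name__ == "__main__":
    for code, msg in lint(POSTED_CONFIG):
        print(f"{code:20} {msg}")
    print("fixed config findings:", lint(FIXED_CONFIG))
```

Run against the posted config it reports six findings (the overlap, both gateway problems, the mis-masked and mis-placed default route, and the EIGRP network that covers no interface); the constructed fixed config is clean. The EIGRP check uses the ASA semantics of `network`, where an interface is included when its address falls inside the given network/mask.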
02-13-2012 05:51 PM
I am just trying to troubleshoot, trying to figure out how to get this device to work right. Like I stated in the beginning, this is a home lab, so no IP address is firm. I am trying different IPs out until someone can help me with the config.
What IP subnet should I use for the PIX?
02-13-2012 05:57 PM
Hello Jonathan,
If we troubleshoot it and you change it in every single post, there is no future in this discussion.
What IP subnet should I use for the PIX?
The same one that you have on the device directly connected, so they can exchange hello packets, EIGRP packets, etc.
02-13-2012 05:58 PM
Ok, IP address will be 192.168.2.5.
02-13-2012 05:59 PM
Sure,
Let me know if you can ping the directly connected device!!
Regards,
Do rate all the helpful posts!
02-13-2012 06:03 PM
Still not able to ping from my PC (192.168.2.122) to the PIX (192.168.2.5); also can't ping from the PIX to the 3640 (192.168.2.1).
Current show run:
PIX Version 8.0(4)32
!
hostname PIX515E
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.5 255.255.255.0
!
interface Ethernet2
nameif DMZ
security-level 50
ip address 192.168.2.6 255.255.255.0
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object-group icmp-type ICMP-INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
router eigrp 1
network 192.168.2.0 255.255.255.0
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd ping_timeout 750
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
Cryptochecksum:68f53bfe67a6272a7406881d204a69d4
02-13-2012 06:41 PM
Hello,
Provide:
show interface ip brief on the pix
and sh ip interface brief on the 3640
02-13-2012 06:50 PM
PIX: - Not sure why it says IP address unassigned.... any idea?
So looking at this, my connection could be wrong - PIX Ethernet 1 is connected to the switch; does it need to be connected directly to the 3640, and if so, what type of cable? Roll-over, crossover or straight-through?
PIX515E# show interface ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES DHCP down down
Ethernet1 unassigned YES manual up up
Ethernet2 unassigned YES manual down down
Ethernet3 unassigned YES unset administratively down down
Ethernet4 unassigned YES unset administratively down down
Ethernet5 unassigned YES unset administratively down down
3640:
3640-Internet#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 68.224.240.31 YES DHCP up up
Serial0/0 10.0.1.9 YES NVRAM up up
FastEthernet0/1 192.168.2.1 YES NVRAM up up
Serial0/1 10.0.1.5 YES NVRAM up up
Ethernet1/0 192.168.4.10 YES manual up down
Ethernet1/1 unassigned YES NVRAM administratively down down
Ethernet3/0 unassigned YES NVRAM administratively down down
Ethernet3/1 unassigned YES NVRAM administratively down down
3640-Internet#
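The two outputs above are the first hard evidence in the thread: the PIX interface that carries a configured address still reports `unassigned`, the outside interface has no link so DHCP cannot run, and the 3640's Ethernet1/0 is up/down. As an added example (not from the posts or from Cisco), here is a small Python triage of `show interface ip brief` / `show ip interface brief` output. It handles the two-word `administratively down` status column and returns one diagnosis code per interface; the sample inputs are the rows pasted above, trimmed to the interesting ones. The diagnosis codes are my own labels, not Cisco terminology.

```python
"""Triage Cisco `show interface ip brief` / `show ip interface brief` output.

Added example; not from the original posts. The column layout is the one
both the PIX and the 3640 print: Interface IP-Address OK? Method Status Protocol,
where Status may be two words ("administratively down") and Protocol is last.
"""

# Rows copied from the PIX output posted in the thread.
PIX_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES DHCP down down
Ethernet1 unassigned YES manual up up
Ethernet2 unassigned YES manual down down
Ethernet3 unassigned YES unset administratively down down
"""

# Rows copied from the 3640 output posted in the thread.
IOS_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 68.224.240.31 YES DHCP up up
FastEthernet0/1 192.168.2.1 YES NVRAM up up
Ethernet1/0 192.168.4.10 YES manual up down
Ethernet1/1 unassigned YES NVRAM administratively down down
"""


def parse_brief(text):
    """Split the table into dicts; tolerates the variable-width Status column."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the header
        t = line.split()
        if len(t) < 6:
            continue
        rows.append({"name": t[0], "ip": t[1], "ok": t[2], "method": t[3],
                     "status": " ".join(t[4:-1]), "protocol": t[-1]})
    return rows


def diagnose(row):
    """Map one row to a diagnosis code (labels are this example's own)."""
    if row["status"].startswith("administratively"):
        return "SHUTDOWN"                    # `shutdown` in the config
    if row["ip"] == "unassigned":
        if row["method"] == "DHCP":
            # DHCP needs a live link before it can even send a DISCOVER
            return "NO_LINK" if row["status"] == "down" else "DHCP_NO_LEASE"
        if row["method"] in ("manual", "NVRAM"):
            return "ADDRESS_NOT_APPLIED"     # config has an address, interface does not
        return "NO_ADDRESS"                  # nothing configured at all
    if row["status"] == "up" and row["protocol"] == "down":
        return "LINE_PROTOCOL_DOWN"          # physical link up, layer 2 not
    if row["status"] == "down":
        return "NO_LINK"
    return "OK"


def triage(text):
    """Return {interface name: diagnosis code} for a pasted table."""
    return {r["name"]: diagnose(r) for r in parse_brief(text)}


if __name__ == "__main__":
    for label, text in (("PIX", PIX_BRIEF), ("3640", IOS_BRIEF)):
        print(label)
        for name, code in triage(text).items():
            print(f"  {name:16} {code}")
```

On the PIX rows this marks Ethernet0 as NO_LINK, Ethernet1 and Ethernet2 as ADDRESS_NOT_APPLIED, and Ethernet3 as SHUTDOWN; on the 3640 rows only Ethernet1/0 is flagged (LINE_PROTOCOL_DOWN). ADDRESS_NOT_APPLIED is the case to chase first, since the running config in the post does carry an `ip address` line for Ethernet1.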
02-14-2012 07:05 AM
Hello,
You can connect it to the switch, but as you can see, the unassigned address is the issue
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.5 255.255.255.0
!
interface Ethernet2
nameif DMZ
security-level 50
no ip address 192.168.2.6 255.255.255.0
Regards,
Julio