Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
7
Replies

Routing Vlans on ASA

philbert_manalo
Level 1
Level 1

‎07-25-2016 05:48 PM - edited ‎03-12-2019 01:03 AM

Hi,

I want all my vlans access to the internet, unfortunately it failed. as i see i am having problem with my routing on the  asa. what is the right command that i will use. my static route is "outside.any.any.public ip". thank you!

Regards,

Philbert

Labels:
0 Helpful
7 Replies 7

johnlloyd_13
Level 9
Level 9

‎07-25-2016 06:52 PM

hi,

are you referring to static default route on the ASA?

the commands should be:

route outside 0.0.0.0 0.0.0.0 <ISP GW IP>

or the shorthand command:

route outside 0 0 <ISP GW IP>

0 Helpful

Cristian Nilsson
Level 1
Level 1
In response to johnlloyd_13

‎07-28-2016 04:32 AM

And if DHCP dont forget the "set route"

interface Vlan20
 nameif OUTSIDE
 security-level 0
 ip address dhcp setroute

//Cristian

0 Helpful

philbert_manalo
Level 1
Level 1
In response to Cristian Nilsson

‎07-28-2016 08:06 PM

hi Cristian,

what if my DHCP is coming from the AD server? do i still need to setroute?

Regards,

Philbert

0 Helpful

Cristian Nilsson
Level 1
Level 1
In response to philbert_manalo

‎07-29-2016 04:05 PM

The set-route command should be applied on your OUTSIDE interface connected to ISP, but only if you get IP by DHCP from ISP.

If you have a static IP assigned to OUTSIDE interface you should use the command route OUTSIDE 0 0 x.x.x.x instead, where x.x.x.x is your IPS gateway.

Regards,

Cristian

0 Helpful

philbert_manalo
Level 1
Level 1
In response to johnlloyd_13

‎07-28-2016 08:08 PM

hi Johnlloyd,

what if i have vlans?an they get their IP on the AD server

Regards,

Philbert

0 Helpful

Kasun Bandara
VIP
VIP

‎07-28-2016 11:23 PM

Hi, can you please send the configuration to check? basically, you should add default route to outside interface. and then, create a policy to enable traffic between those interfaces with ACL. Regards
Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

ahmedshoaib
Level 4
Level 4

‎07-30-2016 03:44 AM

Hi;

As I understand that you have multiple Vlan configure on your firewall and you want all vlan should get access to internet. To access the internet you need to do 2 things:

 

  • Configure default gateway: (which you already configured)

route outside 0 0 <ISP GW IP>

 

  • Configure the NAT for all the vlan, those you want to access the internet (i.e I took 2 vlan 10 & 20)

 

interface GigabitEthernet0/1.10

vlan 10

nameif Inside_vlan10

security-level 100

ip address 192.168.10.1 255.255.255.0

 

interface GigabitEthernet0/1.20

vlan 20

nameif Inside_vlan20

security-level 100

ip address 192.168.20.1 255.255.255.0

 

object network net-192.168.10

     subnet 192.168.10.0 255.255.255.0

     nat (Inside_vlan10,Outside) dynamic interface

 

object network net-192.168.20

     subnet 192.168.20.0 255.255.255.0

     nat (Inside_vlan20,Outside) dynamic interface

 

Thanks & Best regards;

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card