Adding firewall between two routers - packet tracer

EmilyTest93963 · ‎10-14-2020

As part of a project, I need to add an A5505 firewall between the routers to create a secure link. Both sides still need to be able to access the email server and web server as they currently can/ ping each other.

Appreciate the help.

Georg Pauwen · ‎10-14-2020

Hello,

if you have the choice, I would add two firewalls. I cannot access the routers (they are locked), but I added the fully configured firewalls (file attached). You need to make the changes below on your routers:

AKCBranchRouter

interface FastEthernet0/1
description Uplink to ASA
ip address 192.168.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2

AKCHQRouter

interface FastEthernet0/1
description Uplink to ASA
ip address 192.168.1.5 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.168.1.6

EmilyTest93963 · ‎10-14-2020

Hi Georg,

Thanks for the quick response, trying to open the file but just appears with invalid file? not compatible with this version of packet tracer. Could you try and send it again please?

Also routers are locked yes, you should be able to access these through each of the laptop consoles instead through the CLI, password cisco, exec password is class.

Thanks again for the help.

EmilyTest93963 · ‎10-14-2020

I've got the file working now sorry my packet tracer was running on an older version.

I've made the changes to the router as suggested but it appears still not to be working, traffic is still failing

Georg Pauwen · ‎10-14-2020

Hello,

an access list was missing on the ASAs. Make sure both are present on both ASAs. Revised file attached.

access-list ACL_OUT extended permit ip any any
access-list ACL_IN extended permit ip any any
!
access-group ACL_OUT in interface outside
access-group ACL_IN in interface inside

EmilyTest93963 · ‎10-14-2020

Hi Georg,

Thanks again, i have tried to make the changes you have said above and used the new file. However, when trying to ping, AKCBRANCHPC0 from AKCHQPC0, it is still failing at the firewall?

Thank you, appreciate the help with this.

Georg Pauwen · ‎10-14-2020

Hello,

Packet Tracer can be quirky. I have to wait for several minutes before everything starts to work. Give it a good (up to) 10 minutes, than try to ping again.

EmilyTest93963 · ‎10-14-2020

Okay no problem, i'll open it up now and try again in 10 minutes.

Georg Pauwen · ‎10-14-2020

I started a continuous ping (ping -t) from both PCs.

I'll start the file again and check how long it takes.

EmilyTest93963 · ‎10-14-2020

Hi Georg,

Thanks, after looking at it again now after 10 minutes, i'm abit confused!

AKCBranchPC0 can ping both HQ Pc's and vice versa.

AKCBranchPC1 can not be reached by either.

Also it appears like i can't ping the web server from HQ side.

I also can't ping the email sever from the branch side?

Are you able to do any of above? i may have configured something incorrectly but I am not sure.

Appreciate the help.

Georg Pauwen · ‎10-14-2020

Hello,

I experience similar issues. Connectivity is very random. To be honest, I have seen that a lot before, especially if you mix several types of connectivity (wireless/wired/phones/tablets).

EmilyTest93963 · ‎10-14-2020

Nightmare.

Any ideas to get around this?

Would it be possible to place the firewall some where else for it to function better? Only have a few days to try and complete this, so trying to work it out - but it is not easy at all.

Thank you

Georg Pauwen · ‎10-15-2020

Hello,

I replaced the ASAs with 5505 firewalls, everything is still slow, see what the file attached does on your computer. If it doesn't work, we could try either one, or no firewall at all. According to the course outline, the firewall seems optional anyway...