04-08-2024 10:21 PM
Hi @All
Topology as follow,
R1 f0/0 - connected to tap0 and R1 f1/0 connected to R2 f1/0 and R1 f2/0 connected to L3 f1/0
R2 f0/0 - connected to tap1 and R2 f1/0 Cconnected to f1/1 of L3 and R2 f2/0 connected to R4 f1/0
R4 f0/0 - connected to tap2
L3 switch - f0/0 connected to ASA GigabitEthernet 0
In this configurations, I am unable to reach the internet from ASA why?
R1 configuration,
R1 F0/0 connected to tap 0 which has a ip address 10.200.200.1
version 15.2
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
ip address 10.200.200.2 255.255.255.252
ip nat outside
ip nbar protocol-discovery
ip flow ingress
duplex full
interface FastEthernet1/0
ip address 4.4.4.3 255.255.255.0
ip flow ingress
duplex full
interface FastEthernet2/0
ip address 10.10.70.5 255.255.255.0
ip nat inside
ip flow ingress
standby 1 ip 10.10.70.2
standby 1 priority 150
standby 1 preempt delay minimum 10
duplex full
router ospf 1
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha
ip http secure-port 4143
ip http max-connections 2
ip route 0.0.0.0 0.0.0.0 10.200.200.1
ip route 0.0.0.0 0.0.0.0 6.6.6.1
ip route 2.2.2.0 255.255.255.0 10.200.200.1
ip route 192.168.1.0 255.255.255.0 10.200.200.1
access-list 1 permit any
access-list 10 permit 192.168.1.0 0.0.0.255 log
access-list 11 permit 172.16.1.0 0.0.0.255 log
end
R2 configuration,
R2 F0/0 connected to tap 1 which has a ip address 192.168.1.1
version 15.2
hostname R2
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
ip flow ingress
duplex full
interface FastEthernet1/0
ip address 4.4.4.2 255.255.255.0
ip flow ingress
duplex full
interface FastEthernet2/0
ip address 5.5.5.2 255.255.255.0
ip flow ingress
duplex full
interface FastEthernet3/0
ip address 10.10.70.7 255.255.255.0
ip flow ingress
standby 1 ip 10.10.70.2
standby 1 priority 120
standby 1 preempt
duplex full
router ospf 1
router-id 2.2.2.2
network 0.0.0.0 255.255.255.255 area 0
ip nat inside source list 2 interface FastEthernet0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 2.2.2.0 255.255.255.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1
access-list 1 permit any
access-list 2 permit 10.10.70.0 0.0.0.255
end
04-08-2024 10:22 PM
Remaining conf,
Hi @All
R4 F0/0 connected to tap 2 which has a ip address 172.16.1.1
version 15.2
hostname R4
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
ip nat outside
ip nbar protocol-discovery
ip flow ingress
duplex half
interface FastEthernet1/0
ip address 5.5.5.3 255.255.255.0
ip nat inside
ip flow ingress
duplex full
interface FastEthernet2/0
ip address 7.7.7.1 255.255.255.0
ip flow ingress
duplex full
router ospf 1
router-id 3.3.3.3
network 0.0.0.0 255.255.255.255 area 0
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ip route 2.2.2.0 255.255.255.0 172.16.1.1
ip route 192.168.1.0 255.255.255.0 172.16.1.1
end
04-08-2024 10:28 PM
04-08-2024 10:29 PM
04-08-2024 10:55 PM
Share topology
MHM
04-08-2024 11:07 PM
04-08-2024 11:39 PM
the internet is Cloud here ? and you want to access from Ubuntu or from ASA interface ?
you use VMware workstation or player ?
MHM
04-09-2024 12:56 AM
Yes each cloud is a tap interface in the local machine.
I am not running ASA and Routers in VMware environment, instead running in a local machine itself
Wanted to ping from asa interface and also from ubuntu
04-09-2024 12:58 AM
How you can access internet without VM?
That not work sorry
MHM
04-09-2024 02:37 AM
I have created Tap interface in ubuntu machine and associate each tap interface to the device f0/0 interface for internet connection.
i can access internet from r1, r2 and r4.
04-09-2024 02:57 AM
That good' I never try it before.
But it seem it work.
Thanks for update
MHM
04-09-2024 05:59 AM
No Problem, can you suggest why i am unable to access internet from asa through R1. I can access internet through R1 but unable from ASA
04-09-2024 06:03 AM
Add NAT in R1 for ASA interface IP' then try access internet.
Sure you can success if R1 have NAT
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide