Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1550
Views
1
Helpful
12
Replies

ASA

ashz14387
Level 1
Level 1

‎04-08-2024 10:21 PM

Hi @All 

Topology as follow,

R1 f0/0 - connected to tap0 and R1 f1/0 connected to R2 f1/0 and R1 f2/0 connected to L3 f1/0
R2 f0/0 - connected to tap1 and R2 f1/0 Cconnected to f1/1 of L3 and R2 f2/0 connected to R4 f1/0
R4 f0/0 - connected to tap2
L3 switch - f0/0 connected to ASA GigabitEthernet 0

In this configurations, I am unable to reach the internet from ASA why?

R1 configuration,

R1 F0/0 connected to tap 0 which has a ip address 10.200.200.1
version 15.2
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0
ip address 10.200.200.2 255.255.255.252
ip nat outside
ip nbar protocol-discovery
ip flow ingress
duplex full

interface FastEthernet1/0
ip address 4.4.4.3 255.255.255.0
ip flow ingress
duplex full

interface FastEthernet2/0
ip address 10.10.70.5 255.255.255.0
ip nat inside
ip flow ingress
standby 1 ip 10.10.70.2
standby 1 priority 150
standby 1 preempt delay minimum 10
duplex full

router ospf 1
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0

ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
ip forward-protocol nd

no ip http server
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha
ip http secure-port 4143
ip http max-connections 2
ip route 0.0.0.0 0.0.0.0 10.200.200.1
ip route 0.0.0.0 0.0.0.0 6.6.6.1
ip route 2.2.2.0 255.255.255.0 10.200.200.1
ip route 192.168.1.0 255.255.255.0 10.200.200.1

access-list 1 permit any
access-list 10 permit 192.168.1.0 0.0.0.255 log
access-list 11 permit 172.16.1.0 0.0.0.255 log
end

R2 configuration,

R2 F0/0 connected to tap 1 which has a ip address 192.168.1.1

version 15.2
hostname R2

interface Loopback0

ip address 1.1.1.1 255.255.255.255

 

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

ip flow ingress

duplex full

 

interface FastEthernet1/0

ip address 4.4.4.2 255.255.255.0

ip flow ingress

duplex full

 

interface FastEthernet2/0

ip address 5.5.5.2 255.255.255.0

ip flow ingress

duplex full

 

interface FastEthernet3/0

ip address 10.10.70.7 255.255.255.0

ip flow ingress

standby 1 ip 10.10.70.2

standby 1 priority 120

standby 1 preempt

duplex full

 

 

router ospf 1

router-id 2.2.2.2

network 0.0.0.0 255.255.255.255 area 0

 

ip nat inside source list 2 interface FastEthernet0/0 overload

ip forward-protocol nd

 

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 2.2.2.0 255.255.255.0 192.168.1.1

ip route 192.168.1.0 255.255.255.0 192.168.1.1

access-list 1 permit any

access-list 2 permit 10.10.70.0 0.0.0.255

end

Labels:
0 Helpful
12 Replies 12

ashz14387
Level 1
Level 1

‎04-08-2024 10:22 PM

Remaining conf,

Hi @All 

 

 

 

R4 F0/0 connected to tap 2 which has a ip address 172.16.1.1


version 15.2
hostname R4


interface Loopback0

ip address 1.1.1.1 255.255.255.255

 

interface FastEthernet0/0

ip address 172.16.1.2 255.255.255.0

ip nat outside

ip nbar protocol-discovery

ip flow ingress

duplex half


interface FastEthernet1/0

ip address 5.5.5.3 255.255.255.0

ip nat inside

ip flow ingress

duplex full


interface FastEthernet2/0

ip address 7.7.7.1 255.255.255.0

ip flow ingress

duplex full


router ospf 1

router-id 3.3.3.3

network 0.0.0.0 255.255.255.255 area 0


ip forward-protocol nd


no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.16.1.1

ip route 2.2.2.0 255.255.255.0 172.16.1.1

ip route 192.168.1.0 255.255.255.0 172.16.1.1

end

0 Helpful

ashz14387
Level 1
Level 1
In response to ashz14387

‎04-08-2024 10:28 PM

L3 switch coifig attached,

L3.txt
Preview file
1 KB
0 Helpful

ashz14387
Level 1
Level 1
In response to ashz14387

‎04-08-2024 10:29 PM

ASA as follow,


ASA.txt
Preview file
3 KB
0 Helpful

MHM Cisco World
VIP
VIP
In response to ashz14387

‎04-08-2024 10:55 PM

Share topology 

MHM

0 Helpful

ashz14387
Level 1
Level 1
In response to MHM Cisco World

‎04-08-2024 11:07 PM

Asa.png

0 Helpful

MHM Cisco World
VIP
VIP
In response to ashz14387

‎04-08-2024 11:39 PM

the internet is Cloud here ? and you want to access from Ubuntu or from ASA interface ?

you use VMware workstation or player ?

MHM

0 Helpful

ashz14387
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2024 12:56 AM

Yes each cloud is a tap interface in the local machine.
I am not running ASA and Routers in VMware environment, instead running in a local machine itself
Wanted to ping from asa interface and also from ubuntu

0 Helpful

MHM Cisco World
VIP
VIP
In response to ashz14387

‎04-09-2024 12:58 AM

How you can access internet without VM?

That not work sorry 

MHM

0 Helpful

ashz14387
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2024 02:37 AM

I have created Tap interface in ubuntu machine and associate each tap interface to the device f0/0 interface for internet connection.
i can access internet from r1, r2 and r4.

MHM Cisco World
VIP
VIP
In response to ashz14387

‎04-09-2024 02:57 AM

That good' I never try it before.

But it seem it work.

Thanks for update 

MHM

0 Helpful

ashz14387
Level 1
Level 1
In response to MHM Cisco World

‎04-09-2024 05:59 AM

No Problem, can you suggest why i am unable to access internet from asa through R1. I can access internet through R1 but unable from ASA

0 Helpful

MHM Cisco World
VIP
VIP
In response to ashz14387

‎04-09-2024 06:03 AM

Add NAT in R1 for ASA interface IP' then try access internet.

Sure you can success if R1 have NAT

MHM

0 Helpful
Customers Also Viewed These Support Documents
Top