Re: ASA

ashz14387 · ‎04-08-2024

Topology as follow,

R1 f0/0 - connected to tap0 and R1 f1/0 connected to R2 f1/0 and R1 f2/0 connected to L3 f1/0
R2 f0/0 - connected to tap1 and R2 f1/0 Cconnected to f1/1 of L3 and R2 f2/0 connected to R4 f1/0
R4 f0/0 - connected to tap2
L3 switch - f0/0 connected to ASA GigabitEthernet 0

In this configurations, I am unable to reach the internet from ASA why?

R1 configuration,

R1 F0/0 connected to tap 0 which has a ip address 10.200.200.1
version 15.2
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0
ip address 10.200.200.2 255.255.255.252
ip nat outside
ip nbar protocol-discovery
ip flow ingress
duplex full

interface FastEthernet1/0
ip address 4.4.4.3 255.255.255.0
ip flow ingress
duplex full

interface FastEthernet2/0
ip address 10.10.70.5 255.255.255.0
ip nat inside
ip flow ingress
standby 1 ip 10.10.70.2
standby 1 priority 150
standby 1 preempt delay minimum 10
duplex full

router ospf 1
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0

ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
ip forward-protocol nd

no ip http server
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha
ip http secure-port 4143
ip http max-connections 2
ip route 0.0.0.0 0.0.0.0 10.200.200.1
ip route 0.0.0.0 0.0.0.0 6.6.6.1
ip route 2.2.2.0 255.255.255.0 10.200.200.1
ip route 192.168.1.0 255.255.255.0 10.200.200.1

access-list 1 permit any
access-list 10 permit 192.168.1.0 0.0.0.255 log
access-list 11 permit 172.16.1.0 0.0.0.255 log
end

R2 configuration,

R2 F0/0 connected to tap 1 which has a ip address 192.168.1.1

version 15.2
hostname R2

interface Loopback0

ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

ip flow ingress

duplex full

interface FastEthernet1/0

ip address 4.4.4.2 255.255.255.0

ip flow ingress

duplex full

interface FastEthernet2/0

ip address 5.5.5.2 255.255.255.0

ip flow ingress

duplex full

interface FastEthernet3/0

ip address 10.10.70.7 255.255.255.0

ip flow ingress

standby 1 ip 10.10.70.2

standby 1 priority 120

standby 1 preempt

duplex full

router ospf 1

router-id 2.2.2.2

network 0.0.0.0 255.255.255.255 area 0

ip nat inside source list 2 interface FastEthernet0/0 overload

ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 2.2.2.0 255.255.255.0 192.168.1.1

ip route 192.168.1.0 255.255.255.0 192.168.1.1

access-list 1 permit any

access-list 2 permit 10.10.70.0 0.0.0.255

end

ashz14387 · ‎04-08-2024

Remaining conf,

Hi @All

R4 F0/0 connected to tap 2 which has a ip address 172.16.1.1

version 15.2
hostname R4

interface Loopback0

ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0

ip address 172.16.1.2 255.255.255.0

ip nat outside

ip nbar protocol-discovery

ip flow ingress

duplex half

interface FastEthernet1/0

ip address 5.5.5.3 255.255.255.0

ip nat inside

ip flow ingress

duplex full

interface FastEthernet2/0

ip address 7.7.7.1 255.255.255.0

ip flow ingress

duplex full

router ospf 1

router-id 3.3.3.3

network 0.0.0.0 255.255.255.255 area 0

ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.16.1.1

ip route 2.2.2.0 255.255.255.0 172.16.1.1

ip route 192.168.1.0 255.255.255.0 172.16.1.1

end

ashz14387 · ‎04-08-2024

L3 switch coifig attached,

ashz14387 · ‎04-08-2024

ASA as follow,

MHM Cisco World · ‎04-08-2024

Share topology

MHM

ashz14387 · ‎04-08-2024

MHM Cisco World · ‎04-08-2024

the internet is Cloud here ? and you want to access from Ubuntu or from ASA interface ?

you use VMware workstation or player ?

MHM

ashz14387 · ‎04-09-2024

Yes each cloud is a tap interface in the local machine.
I am not running ASA and Routers in VMware environment, instead running in a local machine itself
Wanted to ping from asa interface and also from ubuntu

MHM Cisco World · ‎04-09-2024

How you can access internet without VM?

That not work sorry

MHM

ashz14387 · ‎04-09-2024

I have created Tap interface in ubuntu machine and associate each tap interface to the device f0/0 interface for internet connection.
i can access internet from r1, r2 and r4.

MHM Cisco World · ‎04-09-2024

That good' I never try it before.

But it seem it work.

Thanks for update

MHM

ashz14387 · ‎04-09-2024

No Problem, can you suggest why i am unable to access internet from asa through R1. I can access internet through R1 but unable from ASA

MHM Cisco World · ‎04-09-2024

Add NAT in R1 for ASA interface IP' then try access internet.

Sure you can success if R1 have NAT

MHM