Cisco 5508-X; GE 1/3 Router (192.168.2.1) to communicate w/ GE 1/6 Router (192.168.5.1)

fbeye · ‎01-26-2019

I am having some difficulties where to even start with this but my need is for anyone on the GE1/3 to communicate with GE1/6 back and forth.

My reasoning for this is my GE 1/3 is a Wifi Router which simply leads to the internet and works for normal day to day and my GE 1/6 is another WiFi Router with a built in DDWRT and VPN Client Software which can also get onto the Internet.

My 1/6 has a NAS on it and anyone on GE 1/6 can access it but I also want anyone on GE 1/3 to be able to, locally.

As far as internal network goes, my NAS is 192.168.1.112 and everyone on GE 1/6 has access but I just need 192.168.1.112 to be accessible to anyone on 192.168.2.1.

I messed around with Static IP Routing but clearly am missing a bigger picture... The 5508-X WAN GE 1/1 is Security level 0 and GE 1/3- GE 1/6 are both 100 so I assume they can communicate among each other.

As I said I have tried several attempts with this but came up shirt.. Any suggestions?

To clarify, the 5508-X uses x.x.2.1 and x.x.5.1 but the LAN on the Router connected to x.x.2.1 uses 192.168.0.x and the LAN on Router connected to x.x.5.1 uses 192.168.1.x.

Georg Pauwen · ‎01-27-2019

Hello,

do you have:

same-security-traffic permit inter-interface

configured on your ASA ?

fbeye · ‎01-27-2019

Good Morning.

I had not had that option enabled but now it is. I had assumed that the cross traffic would occur simply by having the same security levels enabled.

I can now access my email server from

one GE to another GE without having different security levels.

As far as one GE seeing the NAS on the other GE, would that be done by me creating static routes from one wifi router connected to GE3 to the wifi router connected to GE5 and vice versa?

fbeye · ‎01-27-2019

I drew a diagram showing my setup.. Hope it helps.

Simply put, I want the Wifi and subnet on 192.168.2.1 GE to access the NAS on the subnet connected to 192.168.5.1 GE.

fbeye · ‎01-28-2019

I wonder; Would I have to set up NAT for this internal access from one GE Port to another or is this just done on the routers side with an IP route.

I ask because when I’m the same network as the NAS all I type in is the IP and I am in but maybe from a different networks point of view it has to access it via a specific port, which i believe is 9090.

My last comment is this; the router with the NAS is connected hard coded to a vpn and has an internal Killswitch which disables all activity in and out if disconnected.

would it being hardwired to a vpn have any weight in my Cisco’s interfaces connecting to it or through it to the nas.

fbeye · ‎02-15-2019

Any other advice or direction anyone can assist with?

I may not even be describing what I want good enough to make sense.

I have the Interfaces enabled to communicate with each other and I reset the routers to have a different format then what the Cisco uses; I am using 10.0.1.x and 10.0.2.x.

I am at a loss as to how to approach this. Is my issue simply with up routing on the routers themselves? Do I need to create a route from 1 router to the next? That would be simple enough but how does the Cisco know what the routers are doing. Would this be a NAT issue? And really I am not even sure if what I want is logical.

My other thought was to plug in a Switch into one of the interfaces, let’s say GE 1/3 with a 192.168.2.1 and then plug the 2 Routers into that switch with a 192.168.2.10 and 192.268.2.11 (and each still having the 10.0.x.x subnet) so neither have to leave any interface through the Cisco to go into another.

Maybe I am making this overly complicated.