03-31-2008 10:11 AM - edited 03-03-2019 09:20 PM
Hi,
I have just got one of these and unsure how to configure it. I have 8 useable IPs from my ISP and behind the router will be a Cisco ASA 5505. One of my public IPs is configured on the external interface of the ASA. Therefore, what I want is for my 877 to be able to receive traffic for any of my public IPs, and then to route the traffic through to the ASA. I have tried this with SDM but cannot get it to work :(
Help would be appreciated.
04-01-2008 01:17 AM
create a static route with the IPs pointing to ASA as next hop.
example on 877:
>enable
#config t
(config)#ip route 10.0.0.0 0.0.0.7 5.5.5.5
5.5.5.5 is the address of ASA in this example, and the registered addresses are 10.0.0.0 to 10.0.0.7
If the addresses are not contiguous, for example you will get 1.1.1.1 2.2.2.2 and 3.3.3.3 from your ISP you can do the followung (again, ASA being the gateway)
:
ip route 1.1.1.1 0.0.0.0 5.5.5.5
ip route 2.2.2.2 0.0.0.0 5.5.5.5
ip route 3.3.3.3 0.0.0.0 5.5.5.5
Also add this for the internet:
ip route 0.0.0.0 0.0.0.0 x.x.x.x where x.x.x.x is the ip address of the neighboring ISP device.
04-01-2008 01:29 AM
Hi,
Many thanks for that.
Finally, I have setup ATM.0 (Dialer0) for connecting to my ISP, but what about internally? VLAN1 is bound to FE1/3 and FE0 is marked as Trunk. I presume FE0 should be connected to the ASA ?
Regards,
04-06-2008 01:43 AM
Okay, my 877 now connects to my ISP okay once I set the default route to be via Dialer0. My issue now is connecting it to the ASA. Before I installed the 877 my network was configured as follows using a Draytek router :-
Outside Interface (X.X.X.137) -> Inside Interface (X.X.X.138) -> Outside Interface ASA (X.X.X.139) -> Inside Interface ASA (192.168.1.1)
When I replace the Draytek with the 877 it will not let me do the same configuration as above, as it complains that the VLAN IP overlaps with the Dialer. So I setup a seperate VLAN (2) on FA3 using the IP 10.10.10.1 and then had the following config :-
issue now is connecting it to the ASA. Before I installed the 877 my network was configured as follows using a Draytek router :-
Outside Interface (X.X.X.137) -> Inside Interface (10.10.10.1) -> Outside Interface ASA (10.10.10.2) -> Inside Interface ASA (192.168.1.1)
This did not work and I could not route to the outside world :(
Help would be appreciated on how I can get this setup to work as it is frying my brain :(
TIA
04-06-2008 03:27 AM
Hi,
Which kind of connection do you have ? Eg if if PPPoE the easier would be to set router as pure bridge and let the ASA handle all the addressing issues.
Alternatively, considering the router can all what the ASA does, eliminate the altter altogether.
04-06-2008 05:21 AM
The 877 is connecting via PPPoA. Want to keep both in the loop as a double layer of protection.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide