Config Help

gregory.payne
Level 1

Hello all,

I have a question and I am hoping you can answer it for me.

I have a situation where I am going to have an ISR 1941 connected to an ASA 5508.

The public IP for the outside interface of the router and the ASA need to be on the same /29. This will mean my connection will have to pass through my inside interface of the router.

I know it can be done, I just can't find the right article to show me examples.

Also I need a good article that can show me how to pass traffic from the ASA to the Router if my router will be at the border and the ASA is behind it.

6 Replies

Gregory,

Can you post a brief topology map indicating how your router and the ASA are connected and which interface on the router needs access (to what, the Internet)?

Topology is as follows:

Internet 184.90.180.129/29
     |
     |
Router   (outside int) 180.90.180.134/29
         (inside int) this is where I need help
     |
     |
ASA      (outside int) 180.90.180.130/29
         (inside int) 10.10.10.1/24

Sorry again for the confusion, but how is your ASA connected to the router? You would obviously only need a public IP address on the ASA outside interface if it were connected to the Internet.

This is why I need the help. For the time being the outside interface of the ASA has to keep the public IP for VPN purposes. We are transitioning to Azure and are trying to cut over, but the meshed network that is using the ASA as its VPN needs to stay up until the end.

We should be able to pass the traffic through.

Hello,

I also found this older article on how to add a secondary IP address to an outside interface of an ASA. Have a look and give it a try...

http://www.ducea.com/2008/05/31/adding-a-secondary-ip-address-on-a-cisco-asa-ethernet-interface/

On the ASA, the global config command:

arp permit-nonconnected

allows for ARP requests and ARP responses from ARP packets that are not on the same subnet as the connected interface.

I am not sure how this would work in your case, but assuming that the inside interface of your router is configured with an IP address, enable the arp permit-nonconnected feature on the ASA and check if you can reach the network on the inside of the router (obviously don't forget to add the default route on the ASA pointing to the IP address of the inside interface of the router, since that is your next hop)...
