Unfortunatly, for now I have no access to the gigacube.

There is no DHCP Server active on any ASA interface. All of them are manually configured by me.

For the laptop connected to the ASA gigacube interface I set manually the IP (192.168.8.1 with gw=192.168.8.2 (=ASA gigacube iface IP)), trying to simulate the gigacube.

When the fritzbox was setup also by me, i did not have to change any network config in it. I just assigned the ASA port an IP from the Fritzbox's range, 192.168.178.0, and the internal network could reach it. I assumed that because both (fritzbox and gigacube) are routers, they work the same for the private network connected to them. On the ASA there is however a static route on the fritzbox interface saying 0.0.0.0 with mask 0.0.0.0 gw=fritzbox IP with metric 1. So I tried to create another one for the gigacube iface gw being the gigacube IP and set metric 2. This did not help.

So a static route on the gigacube saying to use gw the ASA port IP for the internal network range should do the job?

Why was this not needed for the fritzbox?

What if the gigacube management interface does not allow static routes?

Hi,

I am a bit confused to your topology. Please correct me if I am wrong.

Your ASA configured 192.168.8.2/24, Gigacube configured 192.168.8.1/24, your client connected to Gigacube will obtains IP address 192.168.8.0/24 with gateway set to 192.168.8.1.

On Gigacube, no routing is configured. So the only route is the directed connecred route (192.168.8.0/24) & default route via WAN/the Internet (0.0.0.0/0).

If that's the case, then:

So a static route on the gigacube saying to use gw the ASA port IP for the internal network range should do the job?

Yes, that's make sense. Otherwise, Gigacube don't know how to route your traffic to 192.168.1.0/24

Why was this not needed for the fritzbox?

That's interesting, unless you have enabled source NAT on ASA (e.g. NAT overload), it should not work. But I don't have experience on Fritzbox, not sure it's has any special feature so that it know how to route 192.168.1.0/24. 

What if the gigacube management interface does not allow static routes?

 Is your Gigacube act as a layer 3 router or layer 2 switch?

192.168.8.2 is Gigacube's management IP? is it a OOB or In-band management IP?

ASA iface to which I connect the gigacube has IP 192.168.8.2/24 (configured manually by me).

Gigacube has only one ethernet port and WLAN. The gigacube always has its own IP 192.168.8.1/24, regardless if connected by ethernet or WLAN, and it sets gw as 192.168.8.1 on the connected device via DHCP.

With gigacube management interface I ment the WebUI of the gigacube to configure it. Currently I do not have access to it, so I do not know if it can do static routes. I am however sure the private IP range can be changed. Regarding the Fritzbox, as said, that one worked right after connecting it to the ASA, I did not touch any of its configurations, except just to expose the ASA to the internet to be able to come in. It could be that the Fritzbox is smarter than the Gigacube, because the one that I have is advertised as a business router. It is a business line.

Is your Gigacube act as a layer 3 router or layer 2 switch?

I don't know how to answer this. Its the default from Vodafone, plug it in and surf away.

Where do I check if source NAT is enabled on ASA? Probably I did not touch this.

I am thinking if the gigacube cannot do static routes, then maybe change its IP so that it is in the internal network. Can it then be used for internet access by the devices on the internal network?
Alternatively connect a simple small router between gigacube and ASA which could do static routes? This would introduce however a new point of failure, and maybe complicate the setup?

Hi,

I am not quite familiar with your Gigacube, so I would wait your checking result of Gigacube.

But just in case adding static route on is not an option. You could consider setup source/static NAT on ASA.

For example, if your server on 192.168.1.0/24 is 192.168.1.100/24 (nameif = internal)
if client on 192.168.8.0/24 is 192.168.8.X (nameif = Gigacube)

nat (internal, Gigacube) source static 192.168.1.100 192.168.8.Y

so, you client on 192.168.8.X can access to 192.168.8.Y which will then translate to 192.168.1.100.

**What you have to make sure is, 192.168.8.Y will not assigned to any client by Gigacube.

If you only need 1-way communication (e.g. from 192.168.1.0/24 to 192.168.8.0/24 and/or 0.0.0.0/0) only. then NAT overload is enough

nat (internal, Gigacube) source dynamic any interface

so i managed to get access to the configuration of the gigacube. there is no option to set static routes.

the two ASA nat configurations you mentioned also did not help.

after reading some more on the vodafone community it seems this gigacube is designed to not be usable with switches or other networking devices.

so it seems this is not a cisco asa topic, thus thank you all for your suggestions.

Would this configuration harm the main internet connection? Because I thought about it, but have no experience with it.
I need to know this because the location of the infrastructure is far away from me, and it is a production environment.

Internet connection cannot break. There is also no qualified staff onsite to help fix any outage.

Hello,

it will add a static route towards the Gigacube. What kind of routing to do you have configured now towards the Gigacube ?

e.g. route Gigacube 0.0.0.0 0.0.0.0 192.168.8.1

There is already a 0.0.0.0/0 route on the fritzbox iface to the fritzbox IP. This is the default on ASA set by me when I set up the location.

Your suggested command errors saying that such a route already exists.

If I add the 0.0.0.0/0 route to the gigacube iface with metric 2 it will get added but internal network still cannot talk to the gigacube.

The routing table has following entry:

C 192.168.8.0 255.255.255.0 is directly connected, gigacube

If you add the static route, does it show up in the routing table as an 'S' route (show route) ?

On a side note, you cannot have two default routes with the same metric. Only one will get installed. I would test this after hours, and add only the static route to the Gigacube.