Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4196
Views
12
Helpful
37
Replies

Router/Switch after Firewall

ISSM
Level 1
Level 1

‎05-19-2023 06:18 AM

Hello,

My current setup that's working is ISP > Firewall (DHCP Server/NAT/ACL) > Switch > Computers.

I want to put a Router between the Firewall and Switch even though I know it's not needed, but we paid for it.

Firewall "Inside" > Router's G0/0/0 and G0/0/1 to Switch.  Router and Switch are open with no configuration.

All computers gets an IP address, but no access to the internet.  On router, I did an ip route 0.0.0.0 0.0.0.0 192.160.0.1 (Firewall Gateway IP).

What am I doing wrong?

Labels:
37 Replies 37

ISSM
Level 1
Level 1
In response to MHM Cisco World

‎05-23-2023 06:43 AM

So I got the DHCP server working on the router and my clients gets an ip address from 192.168.1.0/24.  However, no internet access.  I think I have an issue with routing between Cisco FTDand Router.

Our windows server (DC/DNS) is on another subnet...192.168.0.0/25.  Is this an issue?

I have attached the Router/FTD running config.

 

Preview file
4 KB
Preview file
6 KB
0 Helpful

MHM Cisco World
VIP
VIP
In response to ISSM

‎05-23-2023 06:47 AM 

nat (inside,outside) source dynamic any-ipv4 interface
nat (inside,inside) source dynamic any-ipv4 Router_to_firewall

it not DNS issue it NATing 
you here only NAT the subnet between FTD and router 
you need to add object-group for LAN subnet and then add dynamic NAT under it 

0 Helpful

ISSM
Level 1
Level 1
In response to MHM Cisco World

‎05-23-2023 07:59 AM

So I added an object-group for LAN subnet (192.168.1.0/24).  What would be the original and translated packets for source/destination address?

Would this be nat (inside,outside) source dynamic Lan Subnet interface?

0 Helpful

MHM Cisco World
VIP
VIP
In response to ISSM

‎05-23-2023 08:01 AM

LAN subnet is 192.168.1.0 or 192.168

0.0 ??

0 Helpful

ISSM
Level 1
Level 1
In response to MHM Cisco World

‎05-23-2023 08:03 AM

192.168.1.0

MHM Cisco World
VIP
VIP
In response to ISSM

‎05-23-2023 08:10 AM

Go head add 192.168.1.0 object group and config NAT 

Interface will be (inside,outside)

0 Helpful

M02@rt37
VIP
VIP
In response to ISSM

‎05-23-2023 06:58 AM - edited ‎05-23-2023 06:59 AM

Hello @ISSM,

On your FTD, based on the conf of your post [‎05-23-2023 06:43 AM]

[route inside 0.0.0.0 0.0.0.0 192.168.1.1 10]

is not [route inside 0.0.0.0 0.0.0.0 192.168.0.2 10] ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Flavio Miranda
VIP
VIP

‎05-23-2023 09:10 AM

Hi

 "What am I doing wrong?"

 "...I want to put a Router between the Firewall and Switch even though I know it's not needed, but we paid for it."

Basically that´s what you are doind wrong.

 

Customers Also Viewed These Support Documents