Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1083
Views
0
Helpful
6
Replies

Routing porblem between ASA and L3 Switch

Regk121295
Level 1
Level 1

‎10-21-2018 05:41 PM - edited ‎03-05-2019 10:59 AM

Hello Everyone! Can someone help me? Is an annoying problem that I cannot find.

The part of the topology that is having problem is this:

Capture.PNG 

 

The rest of the topology is find.

I practice this in Packet Tracer and it works but when I do the implementation on real equipment do not work well.

Capture.PNG

 

Those L3 Switches are sharing routing information about the Lans directly connected to them through Vlan 99 Interface. All Fine. All the routing tables have the correct info.

 

When I connect the ASA 5510 8.0(2) and configure it to share Routing Info with the Switch AA, they create Neighbor Relationship but do not share routing information, i skip that with static routes, but, when I try to ping from the host connected to the ASA to outside of his own LAN cannot get a reply. When I ping from the ASA I get replies. On the ASA I use an ACL with Permit Any Any Statement in the Inside Interface and the Outside Interface in the 2 directions, the ACL get some matches but still not getting a reply. Also put the 2 interfaces on the same security level and use the command to permit the communication between the interfaces. 

 

I attach the configuration files of the ASA and the Switch A, maybe someone can help to figure it out what is wrong.

 

New Info:

 

I notice that the Static route that is in the ASA is wrong, I put the outside interface IP and not the next Hop IP ( Vlan10 Interface). This not explain why eigrp is not sharing routes.

 

Also, I was thinking about NAT Control, I do not know if it is enable by default, when I have access I will modify the route and configure the NAT Control exception. 

Preview file
4 KB
Preview file
14 KB
0 Helpful
6 Replies 6

johnd2310
Level 8
Level 8

‎10-21-2018 08:40 PM

Hi,

  1. Why are you running eigrp stub on switch AA? Remove stub from eigrp on switch AA
  2. To allow ping to router you need to allow icmp using the "icmp permit" command e.g. icmp permit any INSIDE

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Regk121295
Level 1
Level 1
In response to johnd2310

‎10-21-2018 11:00 PM

Hi John, The eigrp stub summay command is activated by default and it permit the EIGRP Stub Routing feature to send summary routes, do you think that this can affect?. Instead only allow icmp packet to pass I use "Permit Any Any" to allow all packets but cannot get a reply.
0 Helpful

johnd2310
Level 8
Level 8
In response to Regk121295

‎10-21-2018 11:11 PM

Hi,

If you are having issues  pinging from inside to outside through the router, then the problem could be with the routing. Since you have installed a static route on the ASA, you might need to configure a static route on switch AA for the network behind the ASA.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Regk121295
Level 1
Level 1
In response to johnd2310

‎10-22-2018 07:40 AM

Hi John, I also do that.
0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎10-21-2018 08:46 PM

off the ASA, can you paste:

 

show route eigrp

and 

 

show eigrp neighbors

 

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Regk121295
Level 1
Level 1
In response to Dennis Mink

‎10-21-2018 11:03 PM

Unfortunately I Can't, It's equipment that I cannot have access all the time but I can assure that this devices are have dull neighbor relationship and on the ASA routing table only appear the direct connected network
0 Helpful
Customers Also Viewed These Support Documents