03-09-2017 06:33 PM - edited 03-05-2019 08:10 AM
Hi,
I'm new to this forum so I apologize if I'm in the wrong area.
I have a home lab which consists of TimeWarren Modem-->ASA5510-->2811-->3750
In a nutshell I have two VLANs configured on the 2811 (using subinterfaces); the 2811 is trunked to the 3750 via fa0/1; the other port fa0/0 is connected to the ASA.
I can grab DHCP on the vlans (172.16.100.x /24 and 172.16.200.x/24); however, I can't get to the internet.
For instance, from my server on VLAN100, say 172.16.100.2, I can ping 172.16.100.1 and 172.16.0.2 (the 2811 router); I just can't ping 172.16.0.1 (the uplink to the ASA). Any advice is much appreciated!
And again my apologies if I'm in the wrong area.
Sincerely,
John Trinh
03-09-2017 06:51 PM
Your static routes on the ASA for the internal subnets are using the wrong interface.
Jon
03-09-2017 07:12 PM
Hi Jon,
Thank you for the quick response.
Are you referring to this:
route inside 172.16.100.0 255.255.255.0 172.16.0.2
route inside 172.16.200.0 255.255.255.0 172.16.0.2
route inside 172.16.0.0 255.255.255.252 172.16.0.2
Regards,
John Trinh
03-09-2017 07:41 PM
Yes, sorry should have been more precise.
The first two routes you need but they are referencing the wrong interface ie. it is not the inside interface that connects to your 2811 router.
You don't need the third static route because it is a directly connected network.
Jon
03-10-2017 06:43 AM
No worries; thanks for the clarification Jon.
I tried the following but no good:
ASA5510(config)# route iNSIDE 172.16.100.0 255.255.255.0 172.16.0.1
%Invalid next hop address, it belongs to one of our interfaces
ASA5510(config)# route iNSIDE 172.16.100.0 255.255.255.0 outside
^
ERROR: % Invalid Hostname
I even tried route iNSIDE 172.16.100.0 255.255.255.0 PublicIP (which took) -- but still no internet connection.
From my server I can ping the 2811's inside interface, but not the outside:
C:\Users\Administrator>ping 172.16.0.1
Pinging 172.16.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.16.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Administrator>ping 172.16.0.2
Pinging 172.16.0.2 with 32 bytes of data:
Reply from 172.16.0.2: bytes=32 time=1ms TTL=255
Reply from 172.16.0.2: bytes=32 time<1ms TTL=255
Reply from 172.16.0.2: bytes=32 time<1ms TTL=255
Reply from 172.16.0.2: bytes=32 time=1ms TTL=255
Ping statistics for 172.16.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\Users\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3067:4f12:bc9c:db49%13
IPv4 Address. . . . . . . . . . . : 172.16.200.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.200.1
Tunnel adapter isatap.{27EDBE2C-72AB-4CA1-8FA2-C6E83CA28133}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Administrator>
ASA5510(config)# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is ********** to network 0.0.0.0
C PublicIP PublicSubnet is directly connected, outside
S 172.16.200.0 255.255.255.0 [1/0] via 172.16.0.2, INSIDE
C 172.16.0.0 255.255.255.252 is directly connected, WINDOWSDOMAIN
S 172.16.100.0 255.255.255.0 [1/0] via 172.16.0.2, INSIDE
C 10.10.0.0 255.255.255.0 is directly connected, INSIDE
C 192.168.0.0 255.255.255.0 is directly connected, dmz
d* 0.0.0.0 0.0.0.0 [1/0] via *********, outside
ASA5510(config)#
Thanks in advance!
03-10-2017 07:40 AM
Again, apologies, I was in a rush so didn't explain it fully.
Your INSIDE interface does not connect to the 2811 router ie. it has a 10.10.x.x IP. The interface on the ASA that connects to the 2811 is WINDOWSDOMAIN so that is the one you should be using in your static routes.
Jon
03-10-2017 09:41 AM
No worries; I appreciate all your help Jon.
I tried the following but still no good -- for it did not like the name (kept giving me the caret up-arrow):
ASA5510# conf t
ASA5510(config)# route inside 172.16.100.0 255.255.255.0 WINDOWSDOMAIN
^
ERROR: % Invalid Hostname
ASA5510(config)# route inside 172.16.100.0 255.255.255.0 nameif WINDOWSDOMAIN
^
ERROR: % Invalid Hostname
ASA5510(config)# route inside 172.16.100.0 255.255.255.0 ?
configure mode commands/options:
Hostname or A.B.C.D The address of the gateway by which the foreign network
is reached.
ASA5510(config)# route inside 172.16.100.0 255.255.255.0 windowsdomain
^
ERROR: % Invalid Hostname
ASA5510(config)#
Thank you in advance!
03-10-2017 11:24 AM
Your syntax is wrong, it should be -
route WINDOWSDOMAIN 172.16.100.0 255.255.255.0 172.16.0.2
Jon
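The argument order from the answer above (`route <nameif> <network> <mask> <next-hop>`), applied as a lint over the route statements tried in this thread. This is an added example, not part of the original posts; the interface table is constructed from the `sh route` output, and the INSIDE and dmz addresses are assumptions.

```python
import ipaddress

# Constructed interface table modelled on the thread's "sh route" output.
# 172.16.0.1 is the ASA side of the /30 per the thread; the INSIDE and dmz
# host addresses are assumptions (the thread only shows their subnets).
INTERFACES = {
    "WINDOWSDOMAIN": ipaddress.ip_interface("172.16.0.1/30"),
    "INSIDE": ipaddress.ip_interface("10.10.0.1/24"),
    "dmz": ipaddress.ip_interface("192.168.0.1/24"),
}

def check_route(line, interfaces=INTERFACES):
    """Return a list of problems in one 'route' statement (empty list if OK)."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        return ["expected: route <nameif> <network> <mask> <next-hop>"]
    nameif, network, mask, next_hop = parts[1:5]
    # The thread shows "inside" and "iNSIDE" both accepted for INSIDE.
    by_name = {n.lower(): i for n, i in interfaces.items()}
    iface = by_name.get(nameif.lower())
    if iface is None:
        return [f"unknown interface name {nameif!r}"]
    try:
        dest = ipaddress.ip_network(f"{network}/{mask}")
        hop = ipaddress.ip_address(next_hop)
    except ValueError as exc:
        return [f"bad address: {exc}"]
    problems = []
    if any(hop == i.ip for i in interfaces.values()):
        problems.append(f"next hop {hop} is one of the firewall's own addresses")
    elif hop not in iface.network:
        owners = [n for n, i in interfaces.items() if hop in i.network]
        hint = f"; it is reachable via {owners[0]}" if owners else ""
        problems.append(
            f"next hop {hop} is not on {nameif}'s subnet {iface.network}{hint}")
    if any(dest == i.network for i in interfaces.values()):
        problems.append(f"{dest} is directly connected; no static route needed")
    return problems

if __name__ == "__main__":
    for stmt in (
        "route inside 172.16.100.0 255.255.255.0 172.16.0.2",
        "route iNSIDE 172.16.100.0 255.255.255.0 172.16.0.1",
        "route inside 172.16.0.0 255.255.255.252 172.16.0.2",
        "route WINDOWSDOMAIN 172.16.100.0 255.255.255.0 172.16.0.2",
    ):
        print(stmt, "->", check_route(stmt) or "OK")
```

The `sh route` output earlier in the thread lists the `route inside ... 172.16.0.2` entries as installed static routes, so the CLI did not reject them; an offline check like this flags the interface mismatch before the statement is applied.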
03-11-2017 08:07 PM
OMG!! It works!!!!
Thank you so much Jon!!
You the man!!
I owe you a debt of gratitude!
I'm a newbie so please forgive me for my excitement lol.
I could not wrap the concept of "route inside....." until you revealed that it should be "route nameif network subnet interface".
Now I can start with my Hyper-V failover clusters yes!!
Sincerely,
John Trinh
03-12-2017 07:36 AM
No problem, happy to have helped :)
Jon