ASA 5545 & L3 configuration help - Page 4

sachinc01 · ‎12-30-2016

Hi,

Please read following configuration & Issue & please help to resolve this.(Network Structure Router to ASA to L3 Switch)

Router 3945

R1 WAN 10.84.35.202/30
R1 LAN 10.84.35.211/28 (Primary router)

ASA (5545):-10.84.35.210/28 Outside
10.84.35.65/26 Inside
Default route for 0.0.0.0 0.0.0.0 10.84.35.211

L3:- L3 VLAN on Switch
Vlan 2 10.84.32.1/23
Vlan 3 10.84.34.1/24
Vlan 4 10.84.35.1/26
VLAN 5 10.84.35.65/26

In this case from ASA i will be reach to router (35.211 & 202) & switch (10.84.35.66)
From router able to reach ASA (10.84.35.210) & Switch also able to rech 10.84.35.65

Issue:- From L3 Switch uable to reach 10.84.35.210 (ASA) & router (10.84.35.211 )also

So some can help me what configuration i wil ned to reach ASA outside interface & Router
From L3 Switch....

Sachin

sachinc01 · ‎12-30-2016

HI ,

Please find ASA config & guide me.

sachinc01 · ‎12-30-2016

Hi ,

Please reply waiting from your reply ...

Georg Pauwen · ‎12-30-2016

Hello,

in your initial post, you stated that the outside interface of the ASA was configured with:

ASA (5545):-10.84.35.210/28 Outside

However, the running config of your ASA shows that the IP address is 10.84.35.213. Also, you have a failover IP address.

interface GigabitEthernet0/1
description "Connected to R1"
management-only
nameif OUTSIDE1
security-level 0
ip address 10.84.35.213 255.255.255.240 standby 10.84.35.209. The default route on your ASA:

route OUTSIDE1 0.0.0.0 0.0.0.0 10.84.35.209 1

points to the standby address and not to the next hop on R1. Is the IP address of R1, on the interface that is connected to the ASA, 10.84.35.211/28 as originally posted ? And is there a secondary router ?

What happens if you change:

route OUTSIDE1 0.0.0.0 0.0.0.0 10.84.35.209 1

to

route OUTSIDE1 0 0 10.84.35.211

Post the running config of R1 and the config of any secondary router as well.

sachinc01 · ‎12-30-2016

Hi Sir,

You are right this is not 211 it is 210 last time I have add 210 route on switch.

Its some mistake I ask 211 route but add 210 route.

Yes here is 2 router but second router not in picture it directly connected to L3 & process is up when another ASA come then it will be in picture

Please find router config..I think something is wrong on ASA Or need to add route please guide & suggest for closed this case

paul driver · ‎12-30-2016

Hello

just to confirm --- L3 <>ASA<>WAN rtr

From your post and the SW config it looks like vlan 4-5 are the wrong way around.

The SW is connected to the ASA via vlan 4 on either port gig1/0/10 or 11 (10.84.35.66/26) so if this is correct then it's default should be

IP route 0.0.0.0 0.0.0.0 10.84.35.65

Can you post the ASA config to cross check that also

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Tausif Gaddi · ‎01-11-2017

To setup layer 3 switch to ASA communication you could assign a default gateway to your SVIs and have a default route pointing to the IP of your ASAs inside interface.

Plug in your ASA into f0/1 on the switch and assign it to a vlan. 10.1.1.1 should be the IP on the ASA interface.