cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
228
Views
7
Helpful
9
Replies
Highlighted
Beginner

Cisco 5505, static route to other subnet on same network

I have plan to connect separate router on Cisco 5505. My main network is 192.168.0.0 and the network on separate router is 192.168.11.0.

I need some help to create routing accessing that 192.168.11.0 network from the main network. Separate router is basic wlan-router with Dhcp server so there is no need to distribute ips from main network to other subnet. How i can do that?

9 REPLIES 9
Highlighted
Hall of Fame Guru

Am I correct in understanding that this separate router will connect to one of the interfaces of the ASA5505 which would be configured in a separate vlan and separate subnet on the ASA5505?

If we had some additional information we might be able to provide better suggestions. You mention a main network of 192.168.0.0 but you do not tell us much about it. Is your ASA5505 performing the routing for your main network? Or is there some other device that is doing the routing and that connects to the ASA5505? Perhaps another way of asking this question would be to ask for the PCs in the main network, is their default gateway the interface on the ASA5505 or is it something else?

If the ASA5505 is the default gateway for the PCs in the main network then there is not anything special that you need to do for access to the 192.168.11.0 network from the main network. The PCs on the main network will forward their traffic for 192.168.11.0 to their gateway (ASA5505) and when the ASA receives the packet it will be able to forward to 192.168.11.0 because that will be a connected network on the ASA.

HTH

Rick

HTH

Rick
Highlighted

Thank you.

So, do i have to specify routing rules because there is a separate gateway on the main network (192.168.0.1) or is the 192.168.11.0 network accessible without it?

Highlighted

Without more information about how your ASA is configured and about how you intend to implement the new network we are not able to answer this question.

HTH

Rick

HTH

Rick
Highlighted

There is no special configuration at this time, the device is working more or less like a switch.

Highlighted

Here is the information, hope this is enough.

Main network
network: 192.168.0.0/24
gw: 192.168.0.1 (this is ASA 5505)

Separate network (D-link router)
wan ip: 192.168.0.24
network: 192.168.11.0/24
gw: 192.168.11.254

There is one interfaces:
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0

Static route:
route inside 192.168.11.0 255.255.255.0 192.168.0.24

ACL:
There are two inside rules: one permit all, one deny all (implicit), but the traffic is denied by ACL and can't pass that:

> Deny inbound icmp src inside:192.168.0.21 dst inside:192.168.11.12 (type 8, code 0)

Packet tracer result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule


Can you now give me some guidance how to resolve this ?

Highlighted

The static route that you have posted looks to be ok and should work.

I have some questions about the D-link router and this statement about it

gw: 192.168.11.254

Does the D-link have two interfaces? One interface is the WAN interface with IP 192.168.0.24 and the other interface is for the wireless network? Is the IP of D-link for wireless 192.168.11.254?

And does the D-link have a default route with next hop of 192.168.0.1?

Assuming that you want hosts in the 192.168.0.0 network to communicate with hosts connected to D-link then you will need the configuration to allow same security level intra interface. I am not clear what you have in your access lists, but it sounds like that if you take care of the same security level processing that the access list might work. If it does not then please post more information about what is configured in the access list.

HTH

Rick

HTH

Rick
Highlighted

Does the D-link have two interfaces? One interface is the WAN interface with IP 192.168.0.24 and the other interface is for the wireless network? Is the IP of D-link for wireless 192.168.11.254?

Actually ip 192.168.11.254 is for lan and wlan interfaces and WAN IP is 192.168.0.24.

And does the D-link have a default route with next hop of 192.168.0.1?

It is not necessary to access network 192.168.0.0 from the subnetwork so i think that route is not necessary or is it? D-link router does not even have capability to setting those routes (maybe because it has the wan-port and routing is set up automatically by the software if there are router connected to the wan-port).

I am not clear what you have in your access lists, but it sounds like that if you take care of the same security level processing that the access list might work. If it does not then please post more information about what is configured in the access list.

Yes, i checked that security level but how it can be set to this subnetwork or do i have to define a new interface?

There is currently one inside interface and it's security level is 100.

There are one outside rule and two inside rules in the acl as i told earlier.

Thank you in advance and hope you figure out something what is missing.

Highlighted

I think you did not understand my question. You responded "It is not necessary to access network 192.168.0.0 from the subnetwork" but I was not talking about a route to the 192.168.0.0 network. I was asking whether D-link needed a default route.

HTH

Rick

HTH

Rick
Highlighted

So how i am going to get this working?

Do i have to create a new interface for that external router to set up different security level?

Content for Community-Ad