11-28-2016 01:44 PM - edited 03-08-2019 08:20 AM
I have a plan to connect a separate router to a Cisco 5505. My main network is 192.168.0.0 and the network on the separate router is 192.168.11.0.
I need some help to create routing for accessing that 192.168.11.0 network from the main network. The separate router is a basic WLAN router with a DHCP server, so there is no need to distribute IPs from the main network to the other subnet. How can I do that?
11-28-2016 02:07 PM
Am I correct in understanding that this separate router will connect to one of the interfaces of the ASA5505 which would be configured in a separate vlan and separate subnet on the ASA5505?
If we had some additional information we might be able to provide better suggestions. You mention a main network of 192.168.0.0 but you do not tell us much about it. Is your ASA5505 performing the routing for your main network? Or is there some other device that is doing the routing and that connects to the ASA5505? Perhaps another way of asking this question would be to ask for the PCs in the main network, is their default gateway the interface on the ASA5505 or is it something else?
If the ASA5505 is the default gateway for the PCs in the main network then there is not anything special that you need to do for access to the 192.168.11.0 network from the main network. The PCs on the main network will forward their traffic for 192.168.11.0 to their gateway (ASA5505) and when the ASA receives the packet it will be able to forward to 192.168.11.0 because that will be a connected network on the ASA.
HTH
Rick
11-28-2016 11:31 PM
Thank you.
So, do I have to specify routing rules because there is a separate gateway on the main network (192.168.0.1) or is the 192.168.11.0 network accessible without it?
11-29-2016 06:02 AM
Without more information about how your ASA is configured and about how you intend to implement the new network we are not able to answer this question.
HTH
Rick
11-29-2016 06:56 AM
There is no special configuration at this time, the device is working more or less like a switch.
01-05-2017 02:59 AM
Here is the information, hope this is enough.
Main network
network: 192.168.0.0/24
gw: 192.168.0.1 (this is ASA 5505)
Separate network (D-link router)
wan ip: 192.168.0.24
network: 192.168.11.0/24
gw: 192.168.11.254
There is one interface:
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
Static route:
route inside 192.168.11.0 255.255.255.0 192.168.0.24
ACL:
There are two inside rules: one permit all, one deny all (implicit), but the traffic is denied by ACL and can't pass that:
> Deny inbound icmp src inside:192.168.0.21 dst inside:192.168.11.12 (type 8, code 0)
Packet tracer result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Can you now give me some guidance on how to resolve this?
01-05-2017 07:48 AM
The static route that you have posted looks to be ok and should work.
I have some questions about the D-link router and this statement about it
gw: 192.168.11.254
Does the D-link have two interfaces? One interface is the WAN interface with IP 192.168.0.24 and the other interface is for the wireless network? Is the IP of D-link for wireless 192.168.11.254?
And does the D-link have a default route with next hop of 192.168.0.1?
Assuming that you want hosts in the 192.168.0.0 network to communicate with hosts connected to D-link then you will need the configuration to allow same security level intra interface. I am not clear what you have in your access lists, but it sounds like that if you take care of the same security level processing that the access list might work. If it does not then please post more information about what is configured in the access list.
HTH
Rick
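The "same security level intra interface" setting mentioned in the reply above, shown as an added example that is not part of the original thread and is not the poster's running configuration. The interface, static route and addresses are the ones posted earlier in the thread; the verification commands are standard ASA CLI.

```cisco
! Added example for the ASA 5505 discussed in this thread.
!
! Before: the posted configuration. Traffic from 192.168.0.0/24 to
! 192.168.11.0/24 enters on "inside" and, because of the static route,
! must leave on "inside" again. The posted drop is consistent with the
! ASA refusing traffic that enters and exits the same interface:
!   Deny inbound icmp src inside:192.168.0.21 dst inside:192.168.11.12 (type 8, code 0)
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
route inside 192.168.11.0 255.255.255.0 192.168.0.24
!
! After: permit traffic to enter and exit the same interface.
! Any access list applied to "inside" is still evaluated for these flows.
same-security-traffic permit intra-interface
!
! Verify from privileged EXEC mode, reusing the addresses from the log line:
!   show running-config same-security-traffic
!   packet-tracer input inside icmp 192.168.0.21 8 0 192.168.11.12
```

Because 192.168.0.24 sits on the same segment as the main-network hosts, replies can return to them directly without passing back through the ASA, so the ASA may see only one direction of a TCP flow. Test with a TCP connection as well as ICMP before relying on this path.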
01-10-2017 12:31 AM
> Does the D-link have two interfaces? One interface is the WAN interface with IP 192.168.0.24 and the other interface is for the wireless network? Is the IP of D-link for wireless 192.168.11.254?
Actually, IP 192.168.11.254 is for the LAN and WLAN interfaces and the WAN IP is 192.168.0.24.
> And does the D-link have a default route with next hop of 192.168.0.1?
It is not necessary to access network 192.168.0.0 from the subnetwork, so I think that route is not necessary, or is it? The D-link router does not even have the capability to set those routes (maybe because it has the WAN port and routing is set up automatically by the software if there is a router connected to the WAN port).
> I am not clear what you have in your access lists, but it sounds like that if you take care of the same security level processing that the access list might work. If it does not then please post more information about what is configured in the access list.
Yes, I checked that security level, but how can it be set for this subnetwork, or do I have to define a new interface?
There is currently one inside interface and its security level is 100.
There is one outside rule and two inside rules in the ACL, as I told earlier.
Thank you in advance and hope you figure out what is missing.
01-10-2017 07:58 AM
I think you did not understand my question. You responded "It is not necessary to access network 192.168.0.0 from the subnetwork" but I was not talking about a route to the 192.168.0.0 network. I was asking whether D-link needed a default route.
HTH
Rick
01-26-2017 09:49 PM
So how am I going to get this working?
Do I have to create a new interface for that external router to set up a different security level?