
Connect Cisco ASA 5510 to Cisco Router 3825 via Cisco switch 2960

The below configuration is not working; I can't ping from the ASA to the router.

What is missing from the below configuration?

Should I create VLANs and subinterfaces on the router also?

Cisco ASA configuration

interface ethernet 0/0
 no ip address
 no security-level
 no nameif
!
interface ethernet 0/0.1
 ip address 172.30.1.1 255.255.255.0
 vlan 444
 nameif internet1
 security-level 10
!
interface ethernet 0/0.2
 ip address 172.30.2.1 255.255.255.0
 vlan 445
 nameif internet1
 security-level 10

Cisco Router configuration

interface gigabitethernet 0/0
 ip address 172.30.1.2 255.255.255.0
 ip address 172.30.2.2 255.255.255.0 secondary

Cisco Switch configuration

interface fastethernet 0/1
 description "router"
 switchport mode trunk
!
interface fastethernet 0/2
 description "ASA"
 switchport mode trunk


Latchum Naidu

Hi,

How is the physical connectivity?
It would be better to have a diagram.

Are those two, the router and the firewall, connected to the switch or back to back?


Please rate all the helpful posts.
Regards,
Naidu.

Both the router and the firewall are connected to the 2960 switch.

The firewall has subinterfaces and the router only has one main interface.

Hmm, it looks strange; as long as they are in the same subnet they should ping each other.
Did you try to connect the firewall and router without the switch and try to ping?
Did you try to ping from the firewall to the router?
How is the routing on the router, where is the default route (0.0.0.0 0.0.0.0 xxxxxx)?
There might be ICMP blocked on the firewall.
Can you post the complete config of both ASA and router?


Please rate all the helpful posts.
Regards,
Naidu.


Hi,

Please try the following on your router:

Cisco Router configuration

!
interface gigabitethernet 0/0
 ! remove the secondary address first; IOS will not delete the primary while a secondary exists
 no ip address 172.30.2.2 255.255.255.0 secondary
 no ip address 172.30.1.2 255.255.255.0
!
interface gigabitethernet 0/0.444
 encapsulation dot1q 444
 ip address 172.30.1.2 255.255.255.0
 no shutdown
!
interface gigabitethernet 0/0.445
 encapsulation dot1q 445
 ip address 172.30.2.2 255.255.255.0
 no shutdown
!

On your switch, do a "show vlan" to verify that VLANs 444 and 445 are created there, too.

regards Dirk

btw: rate if helpful

regards, Dirk (Please rate if helpful)

Marwan ALshawi

Check if the L2 VLANs are created.

And if you are using subinterfaces with dot1q on the FW, use the same concept on the router as described in the above post, and make sure the L2 VLANs are created on the switch and allowed over the trunk port.

Also, on the trunk port interface, make sure to use dot1q as the trunk encapsulation by configuring it at the interface level.

Hope this helps.
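
An added example, not part of any post in this thread: a small Python check that compares the 802.1Q tag each device uses for every shared subnet, run over the ASA and router stanzas from the question and the router stanzas from the reply. The function names and the embedded sample strings are assumptions made for illustration, and the check covers only the two endpoints, not the VLANs created or allowed on the switch trunk.

```python
import ipaddress
import re

# Constructed sample input: stanzas copied from the question and from the reply.
ASA_CFG = """\
interface ethernet 0/0.1
 ip address 172.30.1.1 255.255.255.0
 vlan 444
interface ethernet 0/0.2
 ip address 172.30.2.1 255.255.255.0
 vlan 445
"""
ROUTER_CFG = """\
interface gigabitethernet 0/0
 ip address 172.30.1.2 255.255.255.0
 ip address 172.30.2.2 255.255.255.0 secondary
"""
ROUTER_FIXED = """\
interface gigabitethernet 0/0.444
 encapsulation dot1q 444
 ip address 172.30.1.2 255.255.255.0
interface gigabitethernet 0/0.445
 encapsulation dot1q 445
 ip address 172.30.2.2 255.255.255.0
"""

TAG = re.compile(r"^(?:vlan|encapsulation dot1q)\s+(\d+)", re.I)   # ASA / IOS syntax
ADDR = re.compile(r"^ip address\s+(\S+)\s+(\S+)", re.I)            # skips "no ip address"

def subnets_by_tag(cfg):
    """Map each IP subnet in a config to its interface's 802.1Q tag (None = untagged)."""
    ifaces = []                                  # one [tag, [networks]] per interface stanza
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            ifaces.append([None, []])
        elif ifaces and (m := TAG.match(line)):
            ifaces[-1][0] = int(m.group(1))
        elif ifaces and (m := ADDR.match(line)):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            ifaces[-1][1].append(net)
    return {net: tag for tag, nets in ifaces for net in nets}

def tag_mismatches(cfg_a, cfg_b):
    """Subnets present on both devices whose tags differ, as (subnet, tag_a, tag_b)."""
    a, b = subnets_by_tag(cfg_a), subnets_by_tag(cfg_b)
    return sorted((str(n), a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n])

if __name__ == "__main__":
    print(tag_mismatches(ASA_CFG, ROUTER_CFG), tag_mismatches(ASA_CFG, ROUTER_FIXED))
```

A result of `None` on one side means that device sends the subnet untagged, so on a trunk its frames land in the native VLAN rather than in the VLAN the other device is tagging.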
