03-28-2012 03:12 AM - edited 03-07-2019 05:49 AM
The below configuration is not working; I can't ping from the ASA to the router.
What is missing with the below configuration?
Should I create VLANs and subinterfaces on the router also?
Cisco ASA configuration
interface ethernet 0/0
no ip address
no security-level
no nameif
!
interface ethernet 0/0.1
ip address 172.30.1.1 255.255.255.0
vlan 444
nameif internet1
security-level 10
!
interface ethernet 0/0.2
ip address 172.30.2.1 255.255.255.0
vlan 445
nameif internet1
security-level 10
Cisco Router configuration
interface gigabitethernet 0/0
ip address 172.30.1.2 255.255.255.0
ip address 172.30.2.2 255.255.255.0 secondary
Cisco Switch configuration
interface fastethernet 0/1
description "router"
switchport mode trunk
!
interface fastethernet 0/2
description "ASA"
switchport mode trunk
03-28-2012 05:32 AM
Hi,
How is the physical connectivity?
It would be better to have a diagram.
Are the router and firewall connected to the switch, or back to back?
Please rate all the helpful posts.
Regards,
Naidu.
03-28-2012 05:44 AM
Both the router and the firewall are connected to the 2960 switch.
The firewall has subinterfaces and the router only has one main interface.
03-29-2012 12:27 AM
Hmm, it looks strange; as long as they are in the same subnet they should ping each other.
Did you try to connect the firewall and router without the switch and try a ping?
Did you try to ping from Firewall to Router?
How is the routing in Router, where is the default route (0.0.0.0 0.0.0.0 xxxxxx)?
There might be icmp blocked on the Firewall.
Can you post the complete config of both ASA and Router?
Please rate all the helpful posts.
Regards,
Naidu.
03-29-2012 12:59 AM
Hi,
Please try the following on your router:
Cisco Router configuration
!
interface gigabitethernet 0/0
! remove the secondary address before the primary
no ip address 172.30.2.2 255.255.255.0 secondary
no ip address 172.30.1.2 255.255.255.0
!
! one subinterface per VLAN, tagged to match the ASA subinterfaces
interface gigabitethernet 0/0.444
encapsulation dot1q 444
ip address 172.30.1.2 255.255.255.0
no shutdown
!
interface gigabitethernet 0/0.445
encapsulation dot1q 445
ip address 172.30.2.2 255.255.255.0
no shutdown
!
On your switch, do a "show vlan" to verify that vlan 444,445 is created there, too.
regards Dirk
btw: rate if helpful
03-29-2012 08:17 PM
Check if the L2 VLANs are created.
And if you are using subinterfaces with dot1q on the FW, use the same concept on the router as described in the above post, and make sure the L2 VLANs are created on the switch and allowed over the trunk port.
Also, in the trunk port interface, make sure to use dot1q as the trunk encapsulation by configuring it at the interface level.
Hope this helps.
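The tagging mismatch discussed in this thread can be checked offline before touching the devices. The script below is an added example, not part of any post above: it compares which 802.1Q tag each subnet carries on the ASA and on the router, using the configurations quoted in the thread as constructed sample input. The function names are hypothetical, and it assumes an interface sends tagged frames only when its stanza has a `vlan` (ASA) or `encapsulation dot1q` (IOS) line.

```python
import ipaddress
import re

# Constructed sample input: configurations as quoted in the thread.
ASA_CFG = """\
interface ethernet 0/0
no ip address
!
interface ethernet 0/0.1
ip address 172.30.1.1 255.255.255.0
vlan 444
!
interface ethernet 0/0.2
ip address 172.30.2.1 255.255.255.0
vlan 445
"""
ROUTER_CFG = """\
interface gigabitethernet 0/0
ip address 172.30.1.2 255.255.255.0
ip address 172.30.2.2 255.255.255.0 secondary
"""
ROUTER_FIXED = """\
interface gigabitethernet 0/0.444
encapsulation dot1q 444
ip address 172.30.1.2 255.255.255.0
!
interface gigabitethernet 0/0.445
encapsulation dot1q 445
ip address 172.30.2.2 255.255.255.0
"""

def subnet_tags(cfg):
    """Map each configured subnet to its 802.1Q tag (None means untagged)."""
    tags = {}
    for stanza in re.split(r"(?m)^interface ", cfg)[1:]:
        m = re.search(r"(?m)^[ \t]*(?:vlan|encapsulation dot1q) (\d+)", stanza)
        vlan = int(m.group(1)) if m else None
        # "no ip address" lines do not match: the line must start with "ip".
        for ip, mask in re.findall(r"(?m)^[ \t]*ip address (\S+) (\S+)", stanza):
            tags[ipaddress.ip_network(f"{ip}/{mask}", strict=False)] = vlan
    return tags

def tag_mismatches(cfg_a, cfg_b):
    """Subnets present on both devices but carried with different tags."""
    a, b = subnet_tags(cfg_a), subnet_tags(cfg_b)
    return sorted((str(n), a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n])

if __name__ == "__main__":
    for net, asa_tag, rtr_tag in tag_mismatches(ASA_CFG, ROUTER_CFG):
        print(f"{net}: ASA tag {asa_tag}, router tag {rtr_tag}")
    print("after fix:", tag_mismatches(ASA_CFG, ROUTER_FIXED))
```

With the original router configuration both subnets are reported as tagged on the ASA and untagged on the router; with the subinterface configuration the list is empty.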