01-09-2012 07:41 PM - edited 03-07-2019 04:14 AM
Topology:
Internet—ASA5550—Cisco4503—Cisco2960—PC
| |
Cisco4503—Cisco2960—PC
It is probably something like this.
I want to avoid dynamic routing, and I do not know how to write the static routes on the ASA.
The ASA connects to the two Cisco 4503 routers through interfaces configured with IP addresses in different network segments.
Please enlighten me! Thanks.
The rookie from China—郝朝旭
01-10-2012 12:51 AM
Hi,
What do you want to know exactly ?
Regards.
Alain
01-10-2012 05:21 PM
Hi, Alain
The ASA connects to the 4503s. The ASA interface IP addresses are: 192.168.100.1, 192.168.200.1
The first 4503 points to 192.168.100.1 as its default gateway.
The other 4503 points to 192.168.200.1 as its default gateway.
How do I write the static routes on the ASA to both 4503s?
My English sucks, some expressions are not very clear, please understand what
郝
01-10-2012 05:44 PM
No, your English doesn't suck.
A couple of questions:
1-Are you using the 2960 and 4503 switches as layer-2 devices?
2-What device is the default gateway for your PCs (4503 or ASA)?
If the ASA is the default gateway for your PCs, you don't need any static route toward the inside of your network. You just need a default route towards the outside.
HTH
01-10-2012 06:04 PM
Hi
Here the 2960s are Layer 2 access devices, and the 4503s are Layer 3 core devices.
All PC's default gateway point to the HSRP virtual IP address.
Hao
01-10-2012 06:29 PM
Ok, so you need a static route on the ASA pointing to the 4503 for the LAN subnet and also a default route towards the Internet.
Here is the config guide on how to configure static routes:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1047894
HTH
01-10-2012 07:01 PM
The PC network segment is 192.168.0.0/24. The ASA connects to the 4503s, and the 4503 interface IP addresses are: 192.168.100.2, 192.168.200.2
Configured on the 4503s:
4503_ative:
interface Vlan10
 ip address 192.168.0.3 255.255.255.0
 standby 1 ip 192.168.0.1
 standby 1 priority 200
 standby 1 preempt
ip route 0.0.0.0 0.0.0.0 192.168.100.1
4503_standby:
interface Vlan10
 ip address 192.168.0.2 255.255.255.0
 standby 1 ip 192.168.0.1
 standby 1 preempt
ip route 0.0.0.0 0.0.0.0 192.168.200.1
PC:
ip 192.168.0.10
mask 255.255.255.0
gateway 192.168.0.1
Configured on the ASA:
route ative 192.168.0.0 255.255.255.0 192.168.100.2
route standby 192.168.0.0 255.255.255.0 192.168.200.2
route outside 0.0.0.0 0.0.0.0 *.*.*.* 1
Is this written correctly?
If the 192.168.100.0/24 link goes down, will the data flow go through 192.168.200.0/24?
Hao
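The failover question in the post above, worked as an added example that is not from any poster in this thread: a tracked primary static route with a floating backup on the ASA. The interface names `ative` and `standby` and all addresses are copied from the post's route statements; the SLA id 10 and track id 1 are arbitrary values chosen for illustration.

```cisco
! Added example, not part of the original thread.
! Interface names and addresses are taken from the post above;
! SLA id 10 and track id 1 are arbitrary.

! Probe the first 4503 through the primary inside interface.
sla monitor 10
 type echo protocol ipIcmpEcho 192.168.100.2 interface ative
 num-packets 3
 frequency 5
sla monitor schedule 10 life forever start-time now

! The track object follows the reachability result of the probe.
track 1 rtr 10 reachability

! Primary route: removed from the routing table when track 1 goes down.
route ative 192.168.0.0 255.255.255.0 192.168.100.2 1 track 1

! Floating backup: higher administrative distance, so it is installed
! only after the tracked primary route has been withdrawn.
route standby 192.168.0.0 255.255.255.0 192.168.200.2 254

! Verify with:
!   show track
!   show route
```

The ASA is stateful and expects both directions of a connection on the same interface, so the 4503 side needs a matching failover so that outbound traffic leaves through the same ASA interface the return route uses.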
01-10-2012 09:59 PM
Could you create VLAN 20 on the ASA, put both ASA "inside" interfaces in VLAN20, configure VLAN20 on both 4503s, and then use only 192.168.100.... as the subnet for the link in to your 4503s?
Also, your 2960s are inter-connected, right?
01-11-2012 01:03 AM
The routes on the ASA can be created by:
route
Please create the VLANs on the ASA itself.
interface Ethernet4.10
 description *** Test***
 vlan 10
 nameif Test
 security-level 80
 ip address 192.168.100.x 255.255.255.0
interface Ethernet4.20
 description *** Test***
 vlan 20
 nameif Test
 security-level 80
 ip address 192.168.200.x 255.255.255.0
Create it, and if you want inter-VLAN communication, permit it under the interface using ACLs and use same security-level traffic permit intra-interface to avoid NAT.