03-19-2007 03:32 AM - edited 03-05-2019 02:58 PM
Dear All,
I have Cisco 1841 Router with e ports - fa0/0 and 0/1.
0/0 is configured for vlan trunking and 4 subnets are configured.
default gateway for router is inside IP of Pix 506 e 6.3(4).
The IP details are below.
Fa0/0 - 192.168.165.91
0.1 - 192.168.20.1
0.2 - 192.168.30.1
0.3 - 192.168.40.1
fa0/1 - 192.168.60.1 connected to ASA
default gateway - 192.168.165.1
Inter-vlan routing is working fine and hosts are able to ping e/o but not to 192.168.165.1.
I have to give all PC under vlans access to internet.
Now I want to use fa0/1 to access internet from all vlans.
But I'm unable to ping from fa0/1 to ASA 's IP.
Any help on this.
Many Thanks,
Siddhartha
03-19-2007 03:44 AM
Siddhartha,
Please paste a network diagram.Where is pix506 connected ? ASA is connected to FA0/1, what is the inside ip address of the ASA interfaces.
Do you have static routes configured on ASA for the vlan traffic on the ASA? You have to configured reverse router on ASA i.e
route inside
Do it for all the vlans and also configured the ACL to allow the ICMP traffic from ASA to the respective vlans.
-amit singh
03-19-2007 04:13 AM
Hi Amit,
Thanks for reply. The complete network diagram is below.
VLANs--->Router(Inside192.168.165.91)--default gateway-> Pix1(same subnet.1) --> outside (public IP)
Router port fa0/1(192.168.60.2)-->ASA Gig0/2( 192.168.60.1) ASA 0/0 - Public IP.
Router is being used for Intervlan routing with RIP configured for all VLAN subnet and 192.168.165.0 subnet.
I want to use the fa0/1 on router to access Internet from VLANs.
Default route in VLan router is pointing to Pix (.1).
can you please tell the configuration commands?
I'm also online on skype - sid_lochan
Many thanks,
Siddhartha
03-19-2007 03:57 AM
first of all would u explane what ASA is pls.
Second ur saying that trunking is working.
If ur Ethernet ports are 100mb then it's oke, but if the are 10 mb i'm amased that the trunk is working cause the trunk must be at least 100mb.
Third i see that ur using 192.168.165.1 and 192.168.20.91
My question is in what vlan are the sub int 0.1, 0.2 and 0.3 cause the there default-gateway need to be in the same subnet.
looking at ur config the sub int need to use the address 192.168.165.91
ciao flash...
ps: paste ur conf if possible pls
03-19-2007 04:23 AM
03-19-2007 04:32 AM
Siddhartha,
Do you still want PIX or not in the picture?
If you want all the vlan traffic to be routed via ASA for internet, then point the default route on the router to the ASA IP. On ASA configure the reverse static routes as mentioned in my previous posts. Once that's is done then you will be OK to access the internet via ASA.
Let me know if you have more questions.
-amit singh
03-19-2007 04:53 AM
Hi Amit,
I get route already connected error on ASA when configuring route.
only one default route is configured on ASA - 0.0.0.0 0.0.0.0 outside (public ip)
its not letting me to insert any route.
Any suggestions.?
Thanks,
Siddhartha
04-20-2007 12:55 PM
hi sid,
i am doing the same config at my customer place. for vlan config customer requirment is 2 router (1841) , i hv configure vlan but not able to connect 2 routers back to back . hsrp is enable , i can't ping router to router.
any suggestion.
Thanks
04-20-2007 01:52 PM
Sid-
I am very confused with your config. You say that FA0/1 is 192.168.60.1 and is connected to your ASA, but in the config the IP address of FA0/1 is 172.16.15.2. Also, the access lists that you have applied to FA0/1 preclude anything from coming to or from 192.168.60.1, wherever that is - it's only allowing UDP from the host 192.168.60.2.
Also, what is the config on your ASA? Perhaps you have ICMP not being allowed on the inside interface?
I'm also confused as to why you are running RIP and also have static routes for the same networks.
Perhaps a diagram might be useful so that we can see what you are trying to achieve.
HTH,
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide