Hi, am a newb with IOS routers, so I think I have a simple mistake somewhere in my routing config. Have two LAN interfaces and one WAN. LAN interface routes to internet with no issues. It is connected to Core Switch via an access vlan. DMZ interf...
Hi,New the world of FirePower and FMC. Have a Firepower 2100 appliance between my main router and Core Network switch. Have an IPSec Site to Site VPN back to HQ that terminates on my main router. In my FirePower Access Policy I have rules that ca...
Hi all,Very unusual situation, but am searching for temp solution. See attached diagram. Have an ASA with trunked interface. Have vlans 208 (192.168.208.0/24), and vlan 205 (172.16.204.0/22). The two vlans can communicate with each other fine. H...
Hi all,Am making the transition from an ASA to a Cisco ISR Router. Trying to figure out how to transition all my PAT rules from ASA format to ISR. On ASA I am doing PAT on a public IP to three different mail clients on my LAN. The public IP is on the...
Well, after four hours on the phone with TAC and two different engineers, we have a solution. Nothing wrong at all with my config. Am embarrassed to admit this, but the problem turned out to be a Windows 10 firewall on the laptop I was using ...
Well, unfortuneately that did not work. I understand your thinking though. I think the issue is definitely a layer 2, layer 3 confusion thing. If I put a gateway on the core switch for vlan 15, it would work. However if I do that all Vlans will b...
Hi Paul, I did post part of the config of my core switch in my first post. I think you have been thinking some of the static routes on my core switch were on my ISR router. Here it is the relevant portion of config on my core switch. I will try yo...
Correct. 172.16.200.0/22 accesses the internet through the ASA. The 192.168.8.0 network is basically for routers, firewalls, etc. I did try removing the entry on the NAT_ACL, but that did not make a difference. Originally put it there because I th...
Correct, 172.16.200.0/22 (vlan 200) has its gateway on 3850 and is indirectly connected to ISR via ISR gi 0/0/2. It should be able to reach the ISR via static routing over vlan 8. Yes I can ping 8.0 network from ISR router. As I understand it, my ...
