- Posts: 1
- Thank you received: 0
Cisco ISR Router configuration
16 years 6 months ago #26305
by hot_ice
Cisco ISR Router configuration was created by hot_ice
Please help. How do I configure my cisco router and my asa firewall to allow 2 different networks to communicate to each other?
Scenario:
Internet
|
|
ASA5510<---->Router(ISR)<
>Network A
|
|
Network B
Network A
192.168.20.x/24
w/ VLAN enabled
Network B
10.0.0.0/8
My cisco ISR router interface eth0 is directly connected to my ASA’s eth2 interface. While Network B is directly is connected to my ASA firewall’s eth1 interface. Both interfaces have been configured with the same security level (100).
Should I configure RIP next or EIGRP in my ISR router to allow the comunication? Please advice.
Thanks!
Scenario:
Internet
|
|
ASA5510<---->Router(ISR)<
>Network A
|
|
Network B
Network A
192.168.20.x/24
w/ VLAN enabled
Network B
10.0.0.0/8
My cisco ISR router interface eth0 is directly connected to my ASA’s eth2 interface. While Network B is directly is connected to my ASA firewall’s eth1 interface. Both interfaces have been configured with the same security level (100).
Should I configure RIP next or EIGRP in my ISR router to allow the comunication? Please advice.
Thanks!
- skepticals
- Offline
- Elite Member
Less
More
- Posts: 783
- Thank you received: 0
16 years 6 months ago #26313
by skepticals
Replied by skepticals on topic Re: Cisco ISR Router configuration
Is your problem only with the connectivity between Network A and Network B? Do you already have access to the Internet?
16 years 6 months ago #26319
by Elohim
Replied by Elohim on topic Re: Cisco ISR Router configuration
Same security levels will never talk to each other. Cisco has a feature that allows same security levels to talk to each other, but you cannot use any ACLs. they appear to be in the same security zone but just on different interface.
Please help. How do I configure my cisco router and my asa firewall to allow 2 different networks to communicate to each other?
Scenario:
Internet
|
|
ASA5510<---->Router(ISR)<
>Network A
|
|
Network B
Network A
192.168.20.x/24
w/ VLAN enabled
Network B
10.0.0.0/8
My cisco ISR router interface eth0 is directly connected to my ASA’s eth2 interface. While Network B is directly is connected to my ASA firewall’s eth1 interface. Both interfaces have been configured with the same security level (100).
Should I configure RIP next or EIGRP in my ISR router to allow the comunication? Please advice.
Thanks!
- skepticals
- Offline
- Elite Member
Less
More
- Posts: 783
- Thank you received: 0
16 years 6 months ago #26327
by skepticals
Replied by skepticals on topic Re: Cisco ISR Router configuration
That's what I was thinking...
- MatthewUHS
- Offline
- Junior Member
Less
More
- Posts: 39
- Thank you received: 0
16 years 6 months ago #26357
by MatthewUHS
Wires and fires has become wireless and tireless.
Replied by MatthewUHS on topic Re: Cisco ISR Router configuration
Consider this scenario?
inet---wic0 --- fa0/0---ASA---net A
net b--wic1--- fa0/1 --- net A
route and ACL on each interface pairing. This is considering one (net a or b) is over a WAN.
Plus IMHO, if you are using an ISR, why have an ASA if you can enable CBAC on the ISR?
inet---wic0 --- fa0/0---ASA---net A
net b--wic1--- fa0/1 --- net A
route and ACL on each interface pairing. This is considering one (net a or b) is over a WAN.
Plus IMHO, if you are using an ISR, why have an ASA if you can enable CBAC on the ISR?
Wires and fires has become wireless and tireless.
16 years 6 months ago #26364
by Elohim
Replied by Elohim on topic Re: Cisco ISR Router configuration
Well if you choose to run just an ISR with some cbac to protect your business assets, that's certainly your choice. For a small enterprise, that could work, but I would not trust any business assets to a router. It takes a lot of work to get a router to provide some false sense of security, but it only takes the power button to get an asa to provide the same sense of false security.
Consider this scenario?
inet---wic0 --- fa0/0---ASA---net A
net b--wic1--- fa0/1 --- net A
route and ACL on each interface pairing. This is considering one (net a or b) is over a WAN.
Plus IMHO, if you are using an ISR, why have an ASA if you can enable CBAC on the ISR?
Time to create page: 0.134 seconds