Cisco ISR Router configuration

16 years 5 months ago #26305 by hot_ice
Please help. How do I configure my Cisco router and my ASA firewall to allow 2 different networks to communicate with each other?

Scenario:

Internet
   |
   |
ASA5510<---->Router(ISR)<---->Network A
   |
   |
Network B


Network A
192.168.20.x/24
w/ VLAN enabled


Network B
10.0.0.0/8

My Cisco ISR router interface eth0 is directly connected to my ASA's eth2 interface, while Network B is directly connected to my ASA firewall's eth1 interface. Both interfaces have been configured with the same security level (100).

Should I configure RIP next or EIGRP in my ISR router to allow the communication? Please advise.

Thanks!
16 years 5 months ago #26313 by skepticals
Is your problem only with the connectivity between Network A and Network B? Do you already have access to the Internet?
16 years 5 months ago #26319 by Elohim
Same security levels will never talk to each other. Cisco has a feature that allows same security levels to talk to each other, but you cannot use any ACLs. They appear to be in the same security zone but just on different interfaces.

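The feature mentioned in the reply above is the ASA `same-security-traffic permit inter-interface` command. A minimal sketch for the poster's topology follows, as an added example that is not part of the original thread. The interface names (`net_b`, `to_isr`), the router interface, the 172.16.0.0/30 transit subnet and every host address are assumptions, and static routes stand in for RIP or EIGRP.

```cisco
! --- ASA 5510 (constructed addressing; adjust to the real interfaces) ---
interface Ethernet0/1
 nameif net_b
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Ethernet0/2
 nameif to_isr
 security-level 100
 ip address 172.16.0.1 255.255.255.252
!
! Allow traffic between interfaces that share a security level
same-security-traffic permit inter-interface
!
! Network A sits behind the ISR, so the ASA needs a route to it
route to_isr 192.168.20.0 255.255.255.0 172.16.0.2
!
! --- ISR (interface name assumed) ---
interface FastEthernet0/0
 description Link to ASA Ethernet0/2
 ip address 172.16.0.2 255.255.255.252
 no shutdown
!
! Reach Network B through the ASA
ip route 10.0.0.0 255.0.0.0 172.16.0.1
```

To check the result on the ASA, `show route` should list 192.168.20.0/24 via `to_isr`, and `packet-tracer input net_b icmp 10.0.0.10 8 0 192.168.20.10` reports the phase at which a flow is dropped if the two networks still cannot reach each other.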
16 years 5 months ago #26327 by skepticals
That's what I was thinking...
16 years 5 months ago #26357 by MatthewUHS
Consider this scenario?

inet---wic0 --- fa0/0---ASA---net A
net b--wic1--- fa0/1 --- net A

Route and ACL on each interface pairing. This is considering one (net a or b) is over a WAN.

Plus IMHO, if you are using an ISR, why have an ASA if you can enable CBAC on the ISR?

Wires and fires has become wireless and tireless.
16 years 5 months ago #26364 by Elohim
Well, if you choose to run just an ISR with some CBAC to protect your business assets, that's certainly your choice. For a small enterprise, that could work, but I would not trust any business assets to a router. It takes a lot of work to get a router to provide some false sense of security, but it only takes the power button to get an ASA to provide the same sense of false security.
