Skip to main content

routing table

More
17 years 3 weeks ago #24202 by armani
routing table was created by armani
Hi all,
I have cisco asa 5505. I want to attach it to the other network that is already configured and connected to the internet. the other network contains two switches, two routers and a firewall. a switch1 connects to router1 and router1 connects to a switch2 then it connects to router2 and router2 connects to a firewall that is connected to the internet. I attached my asa5505 to the router1by doing the routing table through a switch1 but it didn't connect to the internet. Can somebody tell me what the wrong was?

I'll explain more about the netwok topology that is already configured as follows:
switch1 is between router1 and router2 while switch2 is between router2 and asa 5505 that I want to attach it to router2
router2 has two interfaces:
fastethernet0/0 (10.3.3.1)
fastethernet0/1 (10.2.2.254)

router1 has two interfaces:
fastethernet0/0 (10.2.2.1)
fastethernet0/1 (10.1.1.2)

PIX 501firewall has two interfaces:
inside interface is 10.0.0.0 and contains (10.2.2.0 and 10.3.3.0 and 10.1.1.1)
outside interface 0.0.0.0 and contains (10.1.1.0 and 141.218.143.0 and 141.218.143.168)

the internet ip address is 141.218.143.168
my asa 5505 configuration has two interfaces
fastethernet0/0 (10.7.7.2)
fastethernet0/1 (10.3.3.3)

I used ip route is 0.0.0.0 0.0.0.0 connected via 10.3.3.3 fastethernet0/1 and I used ip route 0.0.0.0 0.0.0.0 connected via 10.3.3.1 fastethernet0/0 but it did not work.

what I want is attach asa 5505 to router2 through a switch2 and connects to the internet through this network.
More
17 years 2 weeks ago #24208 by Elohim
Replied by Elohim on topic Re: routing table
You need to set a default route on your asa 5505:
route outside 0.0.0.0 0.0.0.0 10.3.3.1

YOu need a route on your r2:
ip route 10.7.7.0 255.255.255.0 10.3.3.3 (assuming /24)

You need a route on your pix 501 firewall:
route inside 10.7.7.0 255.255.255.0 10.2.2.254


This is per your design. Of course you still need some policy on the 501 to allow traffic.

Hi all,
I have cisco asa 5505. I want to attach it to the other network that is already configured and connected to the internet. the other network contains two switches, two routers and a firewall. a switch1 connects to router1 and router1 connects to a switch2 then it connects to router2 and router2 connects to a firewall that is connected to the internet. I attached my asa5505 to the router1by doing the routing table through a switch1 but it didn't connect to the internet. Can somebody tell me what the wrong was?

I'll explain more about the netwok topology that is already configured as follows:
switch1 is between router1 and router2 while switch2 is between router2 and asa 5505 that I want to attach it to router2
router2 has two interfaces:
fastethernet0/0 (10.3.3.1)
fastethernet0/1 (10.2.2.254)

router1 has two interfaces:
fastethernet0/0 (10.2.2.1)
fastethernet0/1 (10.1.1.2)

PIX 501firewall has two interfaces:
inside interface is 10.0.0.0 and contains (10.2.2.0 and 10.3.3.0 and 10.1.1.1)
outside interface 0.0.0.0 and contains (10.1.1.0 and 141.218.143.0 and 141.218.143.168)

the internet ip address is 141.218.143.168


my asa 5505 configuration has two interfaces
fastethernet0/0 (10.7.7.2)
fastethernet0/1 (10.3.3.3)

I used ip route is 0.0.0.0 0.0.0.0 connected via 10.3.3.3 fastethernet0/1 and I used ip route 0.0.0.0 0.0.0.0 connected via 10.3.3.1 fastethernet0/0 but it did not work.

what I want is attach asa 5505 to router2 through a switch2 and connects to the internet through this network.

More
17 years 2 weeks ago #24217 by armani
Replied by armani on topic routing table
Thanks a lot for your reply. I did added 10.7.7.0 to the routing table for router1 and firewall. I ignored router2. I'm just working on to connect asa to router1 through a switch1 and then through the internet. But, it still didn't work.

I psoted below my current config:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password K2T/yDv1cYSJKgZq encrypted
names
!
interface Vlan1
nameif interface0/0
security-level 100
ip address 10.7.7.2 255.255.255.0
!
interface Vlan2
nameif interface0/1
security-level 0
ip address 10.2.2.6 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu interface0/1 1500
mtu interface0/0 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
route interface0/1 10.1.1.0 255.255.255.0 10.2.2.6 1
route interface0/0 0.0.0.0 0.0.0.0 10.7.7.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.7.7.0 255.255.255.0 interface0/0
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config interface0/1
!
dhcpd address 10.7.7.3-10.7.7.130 interface0/0
dhcpd enable interface0/0
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:4ddcfece5fe2bf629decc8e8fb824b92
: end
More
17 years 2 weeks ago #24222 by Elohim
Replied by Elohim on topic Re: routing table
Your switch side configuration doesn't look right. Please post a diagram showing where your inside is connected to and where your outside is connected to.

Thanks a lot for your reply. I did added 10.7.7.0 to the routing table for router1 and firewall. I ignored router2. I'm just working on to connect asa to router1 through a switch1 and then through the internet. But, it still didn't work.

I psoted below my current config:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password K2T/yDv1cYSJKgZq encrypted
names
!
interface Vlan1
nameif interface0/0
security-level 100
ip address 10.7.7.2 255.255.255.0
!
interface Vlan2
nameif interface0/1
security-level 0
ip address 10.2.2.6 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu interface0/1 1500
mtu interface0/0 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
route interface0/1 10.1.1.0 255.255.255.0 10.2.2.6 1
route interface0/0 0.0.0.0 0.0.0.0 10.7.7.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.7.7.0 255.255.255.0 interface0/0
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config interface0/1
!
dhcpd address 10.7.7.3-10.7.7.130 interface0/0
dhcpd enable interface0/0
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:4ddcfece5fe2bf629decc8e8fb824b92
: end

Time to create page: 0.122 seconds