Announcement

Collapse
No announcement yet.

Cisco ASA and Cisco 2600 Router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASA and Cisco 2600 Router

    Our Company bought an ASA 5505. we connected a cisco 2600 router to interface 6. Interface 0 is the outside (Internet) interface. My question is how should we configure the ASA to enable a pc behind the router to access the internet.

    ASA inside int IP: 192.168.1.1

    Router fa0/1 int (connecting to ASA): 192.168.1.5/24
    Router fa0/0 int (Connecting to cisco switch and the to client pc) 172.16.0.254/24

    Router EIGRP configured to cisco router

    router eigrp 100
    network 192.168.1.0
    network 172.16.0.0

    pc IP address: manual 172.16.0.1/24
    Default gateway: 172.16.0.254

  • #2
    Re: Cisco ASA and Cisco 2600 Router

    I'm pretty sure that you don't need the 2600 Series router. You can use the ASA5505 for your routing functions in this scenario.

    We have deployed ASA at some of our remote sites and have it function as the firewall/router.

    I think you can really simplify your network by eliminating the router.
    MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

    Comment


    • #3
      Re: Cisco ASA and Cisco 2600 Router

      The thing is, that the network was already there...the ASA firewall, is just an addition...

      Comment


      • #4
        Re: Cisco ASA and Cisco 2600 Router

        In my opinion the route is more of a hindrance.

        It would be much simpler to configure the ASA to be your router as well as your firewall, which in return would make for much more easier time for troubleshooting in the long run and easier to configure right now.
        Last edited by boondock; 27th June 2008, 18:06.
        MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

        Comment


        • #5
          Re: Cisco ASA and Cisco 2600 Router

          nobody has an answer to give??No suggestions at all??

          Comment


          • #6
            Re: Cisco ASA and Cisco 2600 Router

            I agree with boondock.
            Start removing the router. It has no use anymore and it just make it more complicated.

            Otherwise you should perform dual NAT (1x on the router and 1x on the ASA) to access the internet.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Cisco ASA and Cisco 2600 Router

              Originally posted by Nseaman View Post
              Our Company bought an ASA 5505. we connected a cisco 2600 router to interface 6. Interface 0 is the outside (Internet) interface. My question is how should we configure the ASA to enable a pc behind the router to access the internet.

              ASA inside int IP: 192.168.1.1

              Router fa0/1 int (connecting to ASA): 192.168.1.5/24
              Router fa0/0 int (Connecting to cisco switch and the to client pc) 172.16.0.254/24

              Router EIGRP configured to cisco router

              router eigrp 100
              network 192.168.1.0
              network 172.16.0.0

              pc IP address: manual 172.16.0.1/24
              Default gateway: 172.16.0.254
              if you want to use both 2600 router and ASA,
              1, on 2600 there is no need to use eigrp, you can just use static route.
              ip route 0.0.0.0 0.0.0.0 192.168.1.1
              2, on ASA,
              route outside 0.0.0.0 0.0.0.0 x.x.x.x(your default gateway given by ISP)
              route inside 172.16.0.0 255.255.255.0 192.168.1.5
              global (outside) 1 interface
              nat (inside) 1 172.16.0.0 255.255.255.0

              BTW,you know how to assign IP address and security level to ASA interface, don't you?

              Comment


              • #8
                Re: Cisco ASA and Cisco 2600 Router

                The ASA is connected to an ADSL line, with Dynamic IP. would that be a problem??

                I'll try to put it without the 2600...for now, until we'll sort out the problem with the connection between the ASA and 2600. Yes, i know how to assign an IP in ASA int..


                global (outside) 1 interface
                nat (inside) 1 172.16.0.0 255.255.255.0
                BTW where should i put these ones??


                Originally posted by ciscostation View Post
                if you want to use both 2600 router and ASA,
                1, on 2600 there is no need to use eigrp, you can just use static route.
                ip route 0.0.0.0 0.0.0.0 192.168.1.1
                2, on ASA,
                route outside 0.0.0.0 0.0.0.0 x.x.x.x(your default gateway given by ISP)
                route inside 172.16.0.0 255.255.255.0 192.168.1.5
                global (outside) 1 interface
                nat (inside) 1 172.16.0.0 255.255.255.0

                BTW,you know how to assign IP address and security level to ASA interface, don't you?
                Last edited by Nseaman; 30th June 2008, 09:13.

                Comment


                • #9
                  Re: Cisco ASA and Cisco 2600 Router

                  I believe you also can change it to;
                  ip route outside 0.0.0.0 0.0.0.0 eth 0
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment


                  • #10
                    Re: Cisco ASA and Cisco 2600 Router

                    The problem persists.

                    Let me explain the IP sceme.

                    1. Internet router/modem: IP address (inside) 192.168.2.1 DHCP server enabled

                    2. ASA 5505: IP address (outside) 192.168.2.2 assigned by the modem/router

                    3. Asa 5505: IP address (inside) 192.168.1.1/24

                    4. Cisco 2600 Router Fa0/1 IP address 192.168.1.5/24

                    Fa0/0 IP address 172.16.0.254/24

                    tried all the proposed configurations, but nothing worked..

                    Any other ideas??

                    Comment


                    • #11
                      Re: Cisco ASA and Cisco 2600 Router

                      I would start by disabling DHCP on the modem and staticly assign the address to the ASA.
                      MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

                      Comment

                      Working...
                      X