Cisco WAN :: Routing With ASA 5505 WAN Via ADSL Bridge?
Dec 2, 2012
I'm trying to configure an ASA5505 behind an ADSL modem/router in bridge mode. The problem is the routing on the WAN side, because the gateway/next hop is a weird address in the 10.x.x.x range, outside the subnet.
So, I've got bridge mode working fine. If I take a laptop and configure its Ethernet adapter with the ADSL public IP and the weird default gateway of 10.20.20.224, Windows complains about the gateway being outside the interface subnet but allows me to apply it, and it works: the laptop routes out to the internet fine with its interface on the ADSL IP address.
So the bridging would appear to be working fine, negotiating the PPPoE ADSL and routing that transparently to the Ethernet ports. But when I plug the ASA into that port and configure the ASA interface on the ADSL IP, I can't get it to route out properly.
With the ASA in this configuration I can't even ping from the ASA on the outside interface to 10.20.20.224 and get a reply. With a PC running Windows plugged into the same port on the same IP and the same gateway, I can ping it (and route out) just fine.
When in bridge mode the ADSL modem/router assigns a management IP of 192.168.1.1 to the Ethernet interfaces, so you can still connect to the device to manage it. If I change the 'outside' address of the ASA to 192.168.1.100/24 I can then ping 192.168.1.1 and get replies, so the physical connection is fine. What am I missing here?
I've got a Cisco X2000 and a WAG120N. Is it possible to use one of those as a kind of 'ADSL bridge' connected to a SonicWall firewall? How I picture it is that the ADSL connection terminates on one of the above Cisco boxes, which is connected via Ethernet or WAN port to the SonicWall, and it only passes the ADSL connection on to the SonicWall, which as a result will end up with my ISP-assigned IP address?
I have an ASA 5505 and an ADSL modem (which has DHCP enabled) on 192.168.1.X/24. I have a static IP as well, which is 34.X.X.X. I want to use the ASA as a firewall and want to set up a site-to-site VPN. I tried to google it but I can't find any config. I have 4 switch ports in the ADSL modem, so should I connect my ASA to the building switch? But then it will have DHCP enabled; if I disable DHCP on the ADSL router, then how will my ASA communicate?
I'm using the ASDM. If I configure VLAN2 with the IP address of the VDSL interface I can ping the modem from the console session via PuTTY. If I take that off and configure the PPPoE client I can't ping the VDSL modem; I'd expect that. If I then add an IP address to the PPPoE client config like the one I assigned to VLAN2, it doesn't ping either. If I can't ping the VDSL modem I don't expect it would work, but it seems I can only either give it a static address, which pings but has no PPPoE, or give it a PPPoE config, which means I can't ping the VDSL modem. Why can't I ping the VDSL modem when the interface is set as PPPoE with an IP address? Presumably if I'm on the ASA console doing pings from there to the modem then I'm ruling out problems with the routing from the laptop (trying to isolate where the issue is).
So basically I have a C877 and a Cisco ASA 5505 and I want to push the public IP of the ISP to the outside interface of the ASA so the Cisco 877 will only be responsible for ADSL and PPPoA. Don't ask me why I don't use a modem/router instead. I know that it is a waste to use the C877 in this way but I want to test the setup.
Right now the config of the C877 regarding ADSL and PPPoA looks like this (I don't have the ASA connected yet, so all the PCs are connected directly to the C877 right now):
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
interface Dialer1
 ip address x.x.x.x 255.255.255.248
 ip access-group OUTSIDEACL in
 ip nat outside
 ip inspect FWRule out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxxxx password 0 xxxxxxx
ip route 0.0.0.0 0.0.0.0 dialer 1
ip nat inside source route-map Nat interface Dialer1 overload
interface vlan 100 is my LAN configured with DHCP.
How should I configure the C877 to push the public IP to the ASA?
I have a problem with my ADSL line connected to a HWIC-ADSL on a 2901 router. It was working well until yesterday. The ATM interface is down but the Dialer interface is up. I connected this line to a home ADSL modem and the line is working fine.
I am planning to configure a site-to-site VPN between an ASA 5505 and a Cisco 887 ADSL router. Before purchasing the hardware I want to make sure whether a site-to-site VPN will work with this hardware or not.
LAN_A
WRVS4400n: LAN 192.168.10.11, WAN 192.168.9.11
WAG160N: LAN 192.168.9.10, WAN static IP xx.xx.xx.81
LAN_B
WRVS4400n: LAN 192.168.2.11, WAN 192.168.1.11
WAG54GS: 192.168.1.10, WAN static IP xx.xx.xx.95
In the tests, on the WAGs all ports are forwarded to the WRVS and I opened 8080 for Remote Management on the WRVS. I can get access to both WRVS units via Remote Management from outside networks. I set up a client VPN on both WRVS units, but when I want to connect with the OpenVPN Client, I have access for a few seconds and then I get a notification that the network is not responding. Sometimes I get a connection for a long time.
Tunnels configuration (NET A, NET B)
Tunnel name: NET_A
Local Group Setup
Local Security Gateway Type: IP only
Local IP: 192.168.9.11
Local Security Group Type: subnet
IP: 192.168.10.0
[code]....
When I change the ADSL to bridge mode the VPN tunnels work and the OpenVPN Client connects normally. But I think that the solution with ADSL bridge mode isn't as safe as forwarding ports and routing.
I have a SR520W-ADSL-K9. I'm trying to set it up through CCA, but I have some trouble. At the internet connection step I mark the PPPoE option, enter vci=0, vpi=35, the username and the password (as the ISP, TELMEX, suggests), and mark the IP Negotiated option, but the ISP service does not give me an IP address or establish the connection.
I have 3 877 ADSL routers for internet connectivity. I recently installed a FW behind them and would like to use the Ciscos to load balance in order to get better utilization from my 3 internet links.
1) the 3 routers are on DHCP from the ISP on the WAN side.
2) the 3 ciscos are on the same class C subnet on the LAN side: 10.201.1.252, 10.201.1.253 and 10.201.1.254
I have a Cisco 1801W. Earlier I was using an ADSL dynamic IP address on RJ11 through the ADSL port, but now the ISP has changed the connection to RJ45.
I am trying to configure it but am unable to do so. The ADSL line is okay, because when I connect through the ISP router it works fine. I have connected the ADSL RJ45 cable to the router's FastEthernet 0. But I want to use the Cisco 1801 router so that I can use the ADSL as primary and ISDN as the backup.
Below is my configuration. Is it possible to configure ADSL through RJ45 on the 1801, and what configuration is required for this?
Router#show ip int brief
Interface        IP-Address   OK?  Method  Status                 Protocol
FastEthernet0    unassigned   YES  DHCP    up                     up
BRI0             unassigned   YES  unset   administratively down  down
BRI0:1           unassigned   YES  unset   administratively down  down
BRI0:2           unassigned   YES  unset   administratively down  down
I want to use the Cisco 2901 router with two ADSL cards (EHWIC-VA-DSL-B) and would like to know if that is possible without any restrictions with the IP Base license.
Basically I have a simple LAN of 30 users and 2 servers that sit on a private address range (192.168.1.1 - 254). I have a Cisco 1921 router with 2 Gigabit Ethernet interfaces and have installed a 2-port Ethernet module to expand interfaces. I have two Internet providers that provide me an optic connection to a converter and then a CAT 5 cable. Both of these connections have private public assigned IP addresses. I have an email server and a web server on the LAN (192.168.2 and 192.168.1.3) and wish to port forward various ports to these servers: 25, 80, 443, 3389, and 2222.
In my external DNS I have two MX records for the mail server (mail.globalhomegroup.com) that point to 2 A records: one record for the publicly assigned IP address of one ISP and another IP address for the other ISP. Ideally what I would like is for mail to be delivered to the first ISP IP address, the one with the lower MX weighting, and then, if that line goes down, through the IP address of the second MX record, the backup ISP we are using.
So I guess I am port forwarding to the internal server IP addresses via one of the two external interfaces. At the same time I need to allow internal users to access HTTP, HTTPS etc. So I have managed somehow to configure the external interfaces of the routers to connect to the ISPs and have managed to assign IP info to the internal LAN interface. I can telnet to the router from the Internet via Dialer0 or Dialer1. Other than that I am totally stuck. I have tried to configure and debug NAT etc. but can't see the wood for the trees now. Basically the port forwarding is not working and I am not sure if the config I have done is in any way correct.
I have a Cisco 1721 router with an ADSL WIC. I have followed guides on the Cisco website so that I can connect the router to my home ADSL connection. The router connects to my broadband provider and successfully obtains an IP address along with dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
I have the requirement to provide a Cisco router with 3 x ADSL lines (768k) to increase the internet speed. PPP multilink is not supported by the ISP.
Is it possible to distribute the traffic between these three ADSL lines? How can I configure this?
I have the following hardware configuration:
1 x CISCO1921-SEC/K9
2 x EHWIC-VA-DSL-B
The third ADSL line is connected over an ADSL modem at one fixed Router Gigabit interface.
Is the ADSL line interface on Cisco 877W not initialising a known issue? This interface on my router has been in this state for more than one month, with the rest of the router seemingly operational. The interface was connected directly to my ADSL broadband and worked well for two years. But then, about a month ago, the interface went down. I saw the exact moment this happened recorded as a syslog message. The only information was that the interface status had changed to down.
Initially I thought this was a matter of reload the router and all will be well. Did not happen. Then I thought my broadband connection was to blame. However, this option was quickly ruled out. So I went on to exhaust all troubleshooting options, including reflashing the router with the saved image and totally changing the configuration. Still no change. I have had to go back to my old BT home hub for internet access. In terms of speed this actually works a lot better than the Cisco router. But I would still rather have the router connected to my broadband line. What can I do to bring the ADSL interface back to life?
I'm looking for routing design scenarios to complete our configuration needs for remote branches. We will have two 1921 routers in each location, one with a T1 from our MPLS carrier, the other with a DSL connection from an ISP. The T1 router will have an assigned AS and use BGP to route back to headquarters. The DSL router will have an IPSec tunnel back to an ASA 5510 at headquarters. I envision a GRE tunnel from the DSL router back to the head-end routers connecting to MPLS at headquarters. I'm not sure yet how to manipulate the routing between headquarters and the branches such that the T1 router is the primary route to and from the branches and the DSL router is for failover/backup.
We currently have a main network running through a static broadband connecting using a Cisco 1700 ADSL router, everything is working fine locally.
We are looking to rent some space in an office nearby, so I'm going to order another business ADSL connection with a static IP for this site, and I currently have a spare 1800 router. My question is: can the Cisco routers connect up like a VPN connection so both sites work together, and will the connection remain online constantly so that from the remote office we can access all our servers on the main network?
Also, how does the IP addressing work on 2 sites? The main network uses 10.120.21.x and DHCP is assigned from a Cisco router. Does the remote network assign from the same DHCP server, or would the remote site's Cisco router need to be set up to give out DHCP to local machines? If so, what would be the best IP setup to use?
In a site we currently have 1 BT provided ADSL link which is currently terminated using their device which I believe is some kind of 2wire device, which is extremely slow due to distance from the Exchange (4Mbps)...We have a growing number of users here and want to install a second ADSL line from BT to give them increased performance.
We have a Cisco 2800 sat not doing much so I was wondering if I could use this to load balance the link? I know BT do not support MPPP so therefore the maximum any user can get will be the speed of a single link (4Mbps)...But basically how can this be done..
Can I leave the two BT routers in place and place the Cisco 2800 behind them, or do I need to purchase two ADSL modules for the 2800 and terminate the connection there? Also, once done, what do I need to do regarding actually setting up the load balancing? I have seen this:
[URL]
But I am unsure as to how relevant it is. I am not sure I understand what the ACLs are being used for. I just want all users on the LAN to load balance out...
Also I am unsure of this statement: "You potentially need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that use only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection." I do not understand why an established session, such as a VPN client, would ever traverse the second ISP connection anyway?
I've moved a Cisco 887 router from a site where it was used to dial up on an ADSL line to a new site where we have an EFM circuit which terminates at a Cisco 1841 router managed by our ISP. I therefore need to re-configure our 887 router to work as a conduit from our servers back to the Cisco 1841 as its gateway.
I have asked our ISP and they told me that I need to configure the 887 to use IP address 176.35.140.65 255.255.255.248 and that its gateway should be 176.35.140.70. That's great advice in theory but I don't know how to configure this correctly.
Our internal network is using subnet 192.168.42.XX which will need to be retained for local devices.
1. I'm interested if it's possible to block certain content only at certain times? E.g. we would like to block Facebook from 7:00 to 10:00 and from 11:00 to 15:00. I was going through Cisco manuals but can't find the right answer to this.
2. The Cisco 871 has 4 LAN interfaces and one WAN interface. Currently the WAN interface is connected to an ADSL modem in bridge mode and the LAN 0 interface is connected to a switch.
I'm interested if I could use the remaining 3 LAN interfaces for ADSL connections the same way I'm using the WAN interface. Then I would create VLANs that would use LAN interface 0. Each of those VLANs would use a different ADSL connection. I would assign a different IP to each VLAN so users would be able to change their gateway and use a different ADSL connection.
I need to replace an ADSL modem and have a spare 857W. Can I use this to act as a simple bridge between the ADSL PPPoA connection and the FW WAN port?
[ CISCO 857W ] ISP - PPPoA - BRIDGE - FW WAN
I have a block of public IPs, so the PPPoA Dialer 0 connection would get x.x.x.185/29. I would like to bridge this directly to the FW WAN port and set that to x.x.x.185/29 with a gateway of x.x.x.186/32. Currently I am using it in router mode with no NAT or FW and am losing a public IP, as I need to set the FW WAN as x.x.x.186 with a GW of x.x.x.185. I am setting BVI 1 as x.x.x.185/29 and Dialer0 as IP Unnumbered BVI 1.
I need to set up an L2 link between my LAN and this 1921 router. I thought IRB would do it but it's not working yet. Here is the topology. I don't want to see another hop on this 1921 router, so I hope I can just trunk it or something with IRB. Not working.
I have 3750 core/distribution switches with routing enabled in two offices, connected with a copper link and L3 port-channel interfaces. New office #2 has moved about 5 miles farther away from office #1, and I have to deploy a new core/distribution switch, connect it to old core #2 via F.O. and move all access switches with it. The old core will stay in the old #2 office as a bridge between office #1 and new office #2: Office#1core <-> copper (Ethernet) <-> oldoffice#2core <-> F.O. <-> newoffice#2core. How should I configure the port-channel ports on the oldoffice#2 core to act as a bridge between the office#1 core/dist and the newoffice#2 core/dist without changing anything else (IP, etc.) on the whole network?
I have 3 VLANs here that need to be on the same network segment. They are going to be used by our Wi-Fi network (with Aironet APs), bound to 3 different SSIDs (as Aironet APs don't allow multiple SSIDs per VLAN), each one with a different authentication method and server. Is there a way to bridge those VLANs together with a Catalyst 3750 switch? I tried configuring an IP address on one of the VLAN interfaces, then configuring a bridge with the vlan-bridge protocol (the Catalyst 3750 doesn't have the "ieee" bridge protocol type) and putting all 3 VLAN interfaces in the same bridge-group, but it didn't work (even with "bridge x route ip"). I also tried configuring IRB bridging, with the 3 VLAN interfaces in the same bridge-group and an IP address on the BVI interface (the way I used to do with old 2600 routers). Same result. (Actually, I didn't test to see if the interfaces are actually being "bridged", but I see that neither of them can reach the router.)
I have two separate offices in the same building that I'm trying to connect. They are physically far apart so I cannot connect them wirelessly. I have had an ethernet cable run from the main office to the second office and physically connected it to a WET200. I can see the WET200 on my router in the main office. In the second office, I want clients to be able to come in and connect wirelessly to the WET200 which will then connect them to my router and internet connection. The WET200 is the correct device for this?
In preparing for an upcoming upgrade of our server switches (N7K and N55K), I've run into a well-known issue with ISSU and Bridge Assurance, where ISSU is not supported when, among others, BA is enabled.
My topology is quite simple (see attached jpg). A pair of N7Ks as distribution-layer switches running in vPC mode with BA between them. The N55Ks are dual-homed across the two N7Ks through vPC, but each N55K operates individually, that is, vPC is not running between them. The jpg shows a simplified topology, but I have several N55Ks attached.
During the deployment of this network, we enabled BA downstream towards the N55K. In hindsight, maybe I could have excluded this option, but currently it's in operation and is also hindering me in doing ISSU on my N55Ks. Now, the easy solution would be to simply revert to normal span-type mode, and since the N55K is running LACP upstream towards the N7Ks, we've managed to stay clear of STP's shortcomings, so I believe I'm good even without BA.
Unfortunately, I don't have sufficient equipment at my disposal to set up a lab and test the impact of disabling BA between the N7Ks and N55Ks in a running environment. And since our server/application environment is somewhat fragile (that's putting it mildly), I'm trying to come up with an educated guess as to what impact to expect if I concurrently (or as close as a manual intervention can get) re-configure the two ends of the channel to use span-type normal. I would expect the upstream port on the N55K (channel-port) to temporarily be suspended and to have to go through the usual RSTP cycle on both ends before becoming operational again.
We have a 6513 with about 8 switches in it. I installed an Intel Pro PT NIC in a Dell PE2850 and set up the Team setting, which created a bridge in the network connections.
10 minutes later, every server connected on that 'blade' went down and rebooted.
This happened once before to another tech here (I didn't know at the time it would do this but after he saw it he pointed it out)