pureblue


Cisco 1841 routing to Cisco ASA 5510 config

We have a Cisco 1841 and an ASA 5510.

Our UK ADSL has a /29 public IP allocation.

The inside interface of the ASA is 172.22.15.254 255.255.255.0.

I'll need to assign one of the /29 public IPs to the ASA outside interface and one to the Dialer interface on the Cisco router.

Anyone have a configuration for the Cisco 1841 to connect to our ISP and then allow the /29 public ip range to route to the outside interface of the ASA?

Kind Regards
Istvan Kalmar

Please show the topology plan drawing
pureblue

ASKER

ISP > Cisco Router > ASA 5510 Firewall > Layer 3 switch > Lan clients & server
Your ISP should provide you with what is needed on the dialer interface. Then you make the Ethernet interface that connects to the ASA one of the IPs in the /29; the ASA can be assigned the next IP, and since they are on the same network there is no need to create a route. For example, we have a 2811 in front of our ASA: its IP is X.X.X.17 and the outside interface of our ASA is X.X.X.18. We have a /28, but otherwise it is identical. You then only need a default route on the 1841 whose next hop is the dialer interface, and the default 0.0.0.0 route for the ASA is the other IP address from your /29.
If I have:

x.x.x.73 on the dialer interface of the cisco router
x.x.x.74 on the fastether0 of the cisco router

x.x.x.78 on the outside interface of the cisco ASA5510

Does the Cisco router need to be in bridging mode / no NAT?

What static routes are required?

Many thanks!
You should not have .73 on your dialer; most of the time the ISP will have you place a different IP there, but that is not really important. You could actually probably bridge the Dialer with the Ethernet on the 1841 and save an IP. There will just be default routes needed to send all traffic to the next hop. Your ASA will be doing the NAT, and its 0.0.0.0 route will be .74. The 1841's 0.0.0.0 or default gateway will be the other side of the dialer, which is why it is odd they are making you use one of your IPs there; normally they will tell you what to put on it, and the ISP should handle the traffic from there. Since this is DSL, though, that may be why they are just handing them to you; if that is the case, again, you may want to bridge your 1841 Dialer and Ethernet interfaces. If you bridge them it will save you the IP and there are a few less hops there. To create a bridge, the following commands would be needed on the 1841:

bridge irb
int (Your Ethernet Int)
no ip address
bridge-group 1
exit
int Dialer (Your Dialer #)
no ip address
bridge-group 1
exit
Interface BVI1
ip address ( x.x.x.73)
exit
ip route 0.0.0.0 0.0.0.0 (X.X.X.X whatever your ISP says your gateway should be)

Those commands will bridge the two adapters so traffic flows through one and the other; then you plug your ASA into the interface that is bridging and you should be all set.

StrifeJester
bridge 1 protocol ieee
bridge 1 route ip

Forgot those two lines; you will need them for the bridging as well.
Hi,

Why do you use the 1841 before the ASA?
In the UK we use PPPoA, so we are using the 1841 to connect to the ADSL.
StrifeJester,

What route would I put on the ASA?

0.0.0.0 0.0.0.0 to x.x.x.?
OK,

In this case you need static NAT on the 1841:

x.x.x.1 1841 to ----> 192.168.1.1 ASA
x.x.x.2 1841 to ----> 192.168.1.2 ASA

Your route from the ASA will be whatever IP you assign to the BVI1 interface you create on the 1841.
I would not recommend doing what ikalmar said and giving your ASA an internal IP on the outside interface; this will cause double NAT and make it more difficult to use your remaining IPs. The ASA, if given an IP on the outside, can listen for other external IPs. In our office, for example, we have 3 web sites, and the ASA listens and knows that .1 goes to server A, .2 goes to server B, etc. It also allows us to use a different IP for our web servers and mail server.
OK, I've done the following config to put the router in bridge mode. I've then set the CHAP details up to be sent from the ASA, but I'm getting these errors:

 %TBRIDGE-4-NOVCFLOOD: No VC's configured for bridging on ATM0





pbtest#sh run
Building configuration...

Current configuration : 858 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pbtest
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
no ip routing
no ip cef
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
 !
 dsl operating-mode auto
 bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
*Mar  1 01:03:40.791: %TBRIDGE-4-NOVCFLOOD: No VC's configured for bridgi
interface Vlan1
 no ip address
 no ip route-cache
 bridge-group 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
end
Please turn on IP routing and re-enter the commands.
Sorry... what's the IOS command to do that? :o)
Sorry, blonde moment - ip routing :)
still getting:

pbtest#
*Mar  1 01:10:36.915: %TBRIDGE-4-NOVCFLOOD: No VC's configured for bridging on ATM0
Sounds like there is something with the ATM connection coming up like it is missing something.

This is Cisco's explanation of the error:

%TBRIDGE-4-NOVCFLOOD : No VC's configured for bridging on [chars]

Explanation    An ATM interface was configured for transparent bridging without also specifying the associated virtual circuits.

Recommended Action    Configure the required virtual circuits on the specified interface.
What does the ISP say about VPI/VCI?
Perhaps ATM0 has to be in bridge-group 1 as well; that is a new error for me. I will keep looking, though.
DSL Settings        VPI=0 VCI=38
RFC2364 PPPoATM VC - Null Encapsulation
Multimode
AutoModulation
And PPPoE?
CHAP or PAP?
PPPoA

CHAP

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.3 point-to-point
pvc 0/38
pppoe-client dial-pool-number 3

interface Dialer3
description Swiftel Internet Network
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 3
dialer-group 1
keepalive 15 3
no cdp enable
ppp authentication chap callin
ppp chap hostname username
ppp chap password password

dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 Dialer3
pbtest(config)#int fastether0
pbtest(config-if)#bridge-group 1
FastEthernet0 does not support bridging
ASKER CERTIFIED SOLUTION
Istvan Kalmar