
How to allow access to VLAN from outside (ASA and 881)

Posted on 2011-10-05
Last Modified: 2012-05-12
I have two Cisco routers, ASA5510 and 881.
The 881 has two VLANs, VLAN1 and VLAN2. VLAN1 is on the 10.10.25.0 subnet, and computers from VLAN1 can communicate with and authenticate to 10.10.0.88, which is a domain server.
How can I configure the 881 so it will allow communication the other way around? If I try to ping VLAN1 or access the computer (10.10.25.10) from 10.10.0.88, I am unable to do it.

Please check the attached txt with 881 config and the image with network layout.

Thank you for your help.
881-config.txt
network-layout.png
Question by:keserm

Accepted Solution

by:
ddiazp earned 2000 total points
ID: 36921443
Easy right off the bat:

Your 10.10.0.88 host probably does not have a route to 192.168.1.0/24, make sure you have that route on your ASA:


ip route 192.168.1.0 255.255.255 10.10.0.2

Expert Comment

by:Don S.
ID: 36921519
The ASA is not a router. It is a firewall and as such, it likely would have rules not allowing ping to go through in that direction. Check the rules in the ASA to see what is explicitly allowed through.

Author Comment

by:keserm
ID: 36921681
Thanks for the reply!

ddiazp

Did you mean:
ip route 10.10.25.0 255.255.255 10.10.0.2

I'll have to wait until morning to make the change.

Expert Comment

by:ddiazp
ID: 36922219
255.255.255.0....
And yeah, I jumped a bit too far ahead of myself; make sure ICMP echo and echo reply are allowed on the firewall.

Author Comment

by:keserm
ID: 36926890
ASA does not allow 'ip route' command, I get:
'Invalid input detected at '^' marker.'

This is in production so I can't play much with it. Should I use:

route inside 10.10.25.0 255.255.0 10.10.0.2

Author Comment

by:keserm
ID: 36942191

ASA:
'route inside 10.10.25.0 255.255.0 10.10.0.2' worked.
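
Added example, not part of the original thread: a small Python model of an ASA static-route table, showing how longest-prefix match picks the next hop for 10.10.25.10 before and after a `route inside` entry for VLAN1 exists. The default route via 203.0.113.1 on `outside` is a constructed assumption, and the parser accepts only a four-octet contiguous netmask (255.255.255.0 for a /24).

```python
import ipaddress

def parse_asa_route(line):
    """Parse 'route <ifname> <network> <netmask> <gateway>' into a tuple."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "route":
        raise ValueError(f"not an ASA static route: {line!r}")
    _, ifname, net, mask, gateway = parts
    if len(mask.split(".")) != 4:
        raise ValueError(f"netmask needs four octets: {mask!r}")
    # strict=True rejects a destination with host bits set; a non-contiguous
    # mask raises NetmaskValueError, which is a ValueError subclass.
    network = ipaddress.ip_network(f"{net}/{mask}", strict=True)
    return network, ifname, ipaddress.ip_address(gateway)

def next_hop(routes, destination):
    """Longest-prefix match; returns (interface, gateway) or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    network, ifname, gateway = max(matches, key=lambda r: r[0].prefixlen)
    return ifname, str(gateway)

# Constructed sample: the default route and its gateway are assumptions.
DEFAULT_ROUTE = "route outside 0.0.0.0 0.0.0.0 203.0.113.1"
# Return route to the 881's VLAN1, using the addresses from the thread.
VLAN1_ROUTE = "route inside 10.10.25.0 255.255.255.0 10.10.0.2"

def demo():
    """Next hop for 10.10.25.10 without and with the VLAN1 static route."""
    before = [parse_asa_route(DEFAULT_ROUTE)]
    after = before + [parse_asa_route(VLAN1_ROUTE)]
    return next_hop(before, "10.10.25.10"), next_hop(after, "10.10.25.10")

if __name__ == "__main__":
    without_route, with_route = demo()
    print("without static route:", without_route)
    print("with static route:   ", with_route)
```
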

