madstylex

Creating a network with DMZ

Hi Experts,

I am very new to Cisco and trying to create a network with a DMZ on GNS3.

I am using a 7200 router and an ASA 5520 8.4(2).

I have an internal network with 1 subnet connecting to router R1.
R1 is connected to the ASA device via its own subnet.
The ASA device has 3 interfaces: LAN, WAN and DMZ

Subnets

LAN:  10.6.2.0 /23
R1 to ASA:  10.6.4.0 /30
DMZ:  172.1.1.0 /29
WAN:  192.168.1.1

I've looked at some guides and tried to configure the ASA with NAT and ACLs, but nothing on the LAN will ping anything on the ASA at all. The LAN and ASA are OK individually but I can't get them to talk!
I've spent the last few hours trying to debug my config but I'm afraid I don't know enough to get it working. Can someone have a look at my running configs and tell me where I'm going wrong?

I will attach them to the question.

Hope someone can help!
routerconfig.txt
asaconfig.txt
rauenpc

Not sure how GNS3 handles this command, but your gig0/0 on the router has "media-type gbic", and that's the interface that appears to go to your ASA. You might need to change that to "media-type rj45" for this to work. Also, since this is just a GNS3 lab, you could also post the .net files in zip form and we could run this ourselves to see where the issue lies.
madstylex

ASKER

Hi Rauenpc,

I tried changing the media-type and that didn't work.
I also created a static route from the ASA to subnet 10.6.2.0, which has now allowed my hosts to ping the ASA LAN interface, but they don't go any further than that.

Do I need to create a route for all interfaces on the ASA?

If I do that, will my NAT and ACLs still take effect, or will the static routing take priority?
ASKER CERTIFIED SOLUTION
madstylex

I ended up using the Cisco ASDM interface to set up the DMZ.