But you siad it works fine when you remove the 1841 router. Can you post the configs?
Stu 2009/9/8 Kingsley Charles <[email protected]> > The problem is not with 1841 but the ASA is refusing the traffic. > > The problem is that with ASA, I am not able route traffic when inside > interface is connected to VLANs through a switch and outside interface > which is conncted to a router. > > One side of the ASA is L2 and the other side is L3. Is this scenario > supported by ASA? > > > In most of the documents for ASA VLAN support, I see both the sides of ASA > connected to L2 switches. > > With regards > Kings > > > > > On Tue, Sep 8, 2009 at 5:14 PM, Stuart Hare <[email protected]>wrote: > >> Spot on that was my next response :-) >> >> 2009/9/8 Dave Craddock <[email protected]> >> >>> Sorry hit the send button before I finished >>> >>> >>> >>> When you do the no ip routing it doesn’t stop the router being a layer3 >>> device it just stops it routing traffic to unknown networks if you are on >>> interface 1 you can still ping an address on interface 2 but you can’t route >>> traffic from a host on network 1 to a host on network 2. >>> >>> >>> >>> To make the router into a bridge you need to use bridge groups on the >>> interfaces that you want to bridge together and then tell the router what >>> you want to bridge i.e bridge ip route ipx etc >>> >>> >>> >>> Dave >>> >>> >>> >>> *From:* [email protected] [mailto: >>> [email protected]] *On Behalf Of *Kingsley >>> Charles >>> *Sent:* 08 September 2009 11:40 >>> *To:* [email protected] >>> *Subject:* Re: [OSL | CCIE_Security] ASA support of trunking >>> >>> >>> >>> My topology >>> >>> >>> >>> >>> >>> (host routerA) 1841 ---------- L2 1841 L2 -------------- G 0/1(inside) >>> ASA (outside) G 0/0 ------------outside world ---------- telnet server host >>> (router) >>> (switch) >>> >>> On Tue, Sep 8, 2009 at 3:51 PM, Kingsley Charles < >>> [email protected]> wrote: >>> >>> Hi >>> >>> >>> >>> I have a host routerA connected to a switch port of 1841 (access vlan 6) >>> and other port (access vlan 6) is connected to the ASA (inside g0/1). The >>> ASA is connected to the outside world >>> >>> through g0/0 (outside). >>> >>> >>> >>> I have configured PAT on the ASA. >>> >>> >>> >>> I have disabled "ip routing" on the ASA, such that it has switching >>> functionality alone. >>> >>> >>> >>> Now I am trying to make telnet connection from the host routerA to a >>> host in the outside world but I get the following error message on the >>> router. >>> >>> >>> >>> % Connection refused by remote host >>> >>> >>> >>> >>> >>> I am able to ping the inside interface of the ASA from the host routerA. >>> >>> >>> >>> >>> >>> The PAT is not happening and the ASA is refusing the connection. >>> >>> >>> >>> If I remove the switch (1841) and connect the host routerA (from L3 >>> interface) directly to ASA inside interface, the PAT is happening and I am >>> to telnet. >>> >>> >>> >>> >>> >>> I am observing that when I use L2 ports, the connectivity doesn't go >>> through the ASA. >>> >>> >>> >>> I even tried converting the ASA inside interfaace to a trunk and making >>> the switch port into a trunk but still I see the same problem. >>> >>> >>> >>> For both cases using inside interface in access mode and trunk mode, ASA >>> refuses the connection. >>> >>> >>> >>> What could be the problem? >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> With regards >>> >>> Kings >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
