Hi Stu I am at my home now. Will send the configs tomorrow.
With regards Kings On Tue, Sep 8, 2009 at 6:44 PM, Stuart Hare <[email protected]>wrote: > But you siad it works fine when you remove the 1841 router. > > Can you post the configs? > > Stu > > 2009/9/8 Kingsley Charles <[email protected]> > > The problem is not with 1841 but the ASA is refusing the traffic. >> >> The problem is that with ASA, I am not able route traffic when inside >> interface is connected to VLANs through a switch and outside interface >> which is conncted to a router. >> >> One side of the ASA is L2 and the other side is L3. Is this scenario >> supported by ASA? >> >> >> In most of the documents for ASA VLAN support, I see both the sides of ASA >> connected to L2 switches. >> >> With regards >> Kings >> >> >> >> >> On Tue, Sep 8, 2009 at 5:14 PM, Stuart Hare >> <[email protected]>wrote: >> >>> Spot on that was my next response :-) >>> >>> 2009/9/8 Dave Craddock <[email protected]> >>> >>>> Sorry hit the send button before I finished >>>> >>>> >>>> >>>> When you do the no ip routing it doesn’t stop the router being a layer3 >>>> device it just stops it routing traffic to unknown networks if you are on >>>> interface 1 you can still ping an address on interface 2 but you can’t >>>> route >>>> traffic from a host on network 1 to a host on network 2. >>>> >>>> >>>> >>>> To make the router into a bridge you need to use bridge groups on the >>>> interfaces that you want to bridge together and then tell the router what >>>> you want to bridge i.e bridge ip route ipx etc >>>> >>>> >>>> >>>> Dave >>>> >>>> >>>> >>>> *From:* [email protected] [mailto: >>>> [email protected]] *On Behalf Of *Kingsley >>>> Charles >>>> *Sent:* 08 September 2009 11:40 >>>> *To:* [email protected] >>>> *Subject:* Re: [OSL | CCIE_Security] ASA support of trunking >>>> >>>> >>>> >>>> My topology >>>> >>>> >>>> >>>> >>>> >>>> (host routerA) 1841 ---------- L2 1841 L2 -------------- G 0/1(inside) >>>> ASA (outside) G 0/0 ------------outside world ---------- telnet server host >>>> (router) >>>> (switch) >>>> >>>> On Tue, Sep 8, 2009 at 3:51 PM, Kingsley Charles < >>>> [email protected]> wrote: >>>> >>>> Hi >>>> >>>> >>>> >>>> I have a host routerA connected to a switch port of 1841 (access vlan 6) >>>> and other port (access vlan 6) is connected to the ASA (inside g0/1). The >>>> ASA is connected to the outside world >>>> >>>> through g0/0 (outside). >>>> >>>> >>>> >>>> I have configured PAT on the ASA. >>>> >>>> >>>> >>>> I have disabled "ip routing" on the ASA, such that it has switching >>>> functionality alone. >>>> >>>> >>>> >>>> Now I am trying to make telnet connection from the host routerA to a >>>> host in the outside world but I get the following error message on the >>>> router. >>>> >>>> >>>> >>>> % Connection refused by remote host >>>> >>>> >>>> >>>> >>>> >>>> I am able to ping the inside interface of the ASA from the host routerA. >>>> >>>> >>>> >>>> >>>> >>>> The PAT is not happening and the ASA is refusing the connection. >>>> >>>> >>>> >>>> If I remove the switch (1841) and connect the host routerA (from L3 >>>> interface) directly to ASA inside interface, the PAT is happening and I am >>>> to telnet. >>>> >>>> >>>> >>>> >>>> >>>> I am observing that when I use L2 ports, the connectivity doesn't go >>>> through the ASA. >>>> >>>> >>>> >>>> I even tried converting the ASA inside interfaace to a trunk and making >>>> the switch port into a trunk but still I see the same problem. >>>> >>>> >>>> >>>> For both cases using inside interface in access mode and trunk mode, ASA >>>> refuses the connection. >>>> >>>> >>>> >>>> What could be the problem? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> With regards >>>> >>>> Kings >>>> >>>> >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
