Routing issue
flares2
Member Posts: 79 ■■□□□□□□□□
in CCNA & CCENT
I'm trying to bypass the ASA as seen in the image. By changing the default route on the switch to 10.20.145.8 and configuring NAT on the router all 10.20.145.0 traffic successfully translates and can connect to the internet. No other VLANs can even ping 10.20.145.8, but they can ping and connect to 10.20.145.5 (DSL router) and 10.20.145.2 (ASA). I'm getting a huge headache trying to figure out why they can't connect to 10.20.145.8. Right now the port from the 4503 to the 2800 router is on vlan 145, so I figured I'd make it a trunk. By doing that no devices can ping 10.20.145.8, not even devices on the 145 VLAN. Also, the ports connected to the DSL router and ASA are on VLAN 145 but other devices connect (because of L3 switching) so why can any VLANs other than 145 connect to 10.20.145.8?
Techexams.net - Job security for one more day.
Comments
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□Why on earth are you trying to intentionally bypass a firewall and connect your core network to the Internet? It's seriouly foolish.The only easy day was yesterday!
-
ITdude Member Posts: 1,181 ■■■□□□□□□□dtlokee wrote:Why on earth are you trying to intentionally bypass a firewall and connect your core network to the Internet? It's seriouly foolish.
I was kinda wondering that myself!I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
flares2 Member Posts: 79 ■■□□□□□□□□Foolish yes, but for a purpose. The ASA is getting replaced by a Sonicwall. Timing got screwed up somewhere and the ASA will be on it's way out very soon to another company that purchased it and we need to maintain connectivity until the Sonicwall is here. On a good note, we have two physically separate networks and this is the much smaller and less important of them.
I know it doesn't make sense and I should tell my boss that there's other ways around, etc etc. But my boss is a very single minded person, I've found it's much easier to just get things running his way (regardless of how stupid they may be) than to argue and justify my ideas for weeks and months, just to do it his way in the end anyway.Techexams.net - Job security for one more day. -
dtlokee Member Posts: 2,378 ■■■■□□□□□□Tell him I have put up honeypots on an external network that are attacked within MINUTES, not days, weeks or years, but minutes.
You need something that can open and close connections securely. Is the edge router running a security IOS?The only easy day was yesterday! -
tiersten Member Posts: 4,505flares2 wrote:Foolish yes, but for a purpose. The ASA is getting replaced by a Sonicwall. Timing got screwed up somewhere and the ASA will be on it's way out very soon to another company that purchased it and we need to maintain connectivity until the Sonicwall is here. On a good note, we have two physically separate networks and this is the much smaller and less important of them.
I know it doesn't make sense and I should tell my boss that there's other ways around, etc etc. But my boss is a very single minded person, I've found it's much easier to just get things running his way (regardless of how stupid they may be) than to argue and justify my ideas for weeks and months, just to do it his way in the end anyway. -
shednik Member Posts: 2,005tiersten wrote:Find an old PC somewhere. Put two NICs into it. Install IPCOP or whatever until you get your Sonicwall installed.
Best option for you if you have nothing else in the mean time i would never leave a network open like that, as DT pointed out it doesn't take long to get hit!