Duel WAN link ER605v2 Cisco ASA 5520
There is an old post on this but not able to find the answer in question, i will have two ISP WAN connections from this I am trying to link the ASA 5520 that has three interfaces Outside (connection of single ISP) Inside (connection of all VLAN HP switch), DMZ VLAN for Hosted Web Servers (inside traffic).
I can configure the WANS with no issues but trying to understand that one of the LAN ports (4) would need to direct back to the Outside Interface of ASA
Here is what I am trying to cover, but when I make a link from LAN Port 4 to Outside Interface on the ASA 5520 it pings but when I cover a test route it does not complete in the desired number hops, I have trued to Add Route but some options are not that clear.
The LAN port does require a VLAN tag and used 2 for this as it does not exist on my existing network and did not want conflicts and in it self is not seen on Existing LAN
Please if any one has covered this could you please provide details with DIA or point to any YouTube video that has done alike connection on main core router.
Does TP-Link have any supporting documentation, I work within a school and hope to pass this information on further to other schools UK based.
Thanks for your support.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
yes it looks very similar to what I did in my first test.
but I see you use 165.50.25.x this is not a private IP you should change it to 10.50.25.x or another IP that is private. Private IPs are in this range.
RFC1918 Subnets
The RFC1918 address space includes the following networks:
- 10.0.0.0 – 10.255.255.255 (10/8 prefix)
- 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
- Copy Link
- Report Inappropriate Content
Well spotted what was I doing on this, need to change over to private that will otherwise conflict with the out side world. Thanks for this was doing subbetting online must have had a melt down.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I changed the bridge IP address to private, have a main issue live at present in testing but our web site on SSN(DMZ) on the Cisco ASA shown on the dia in black line to port on HP Core, this is on Subnet 172.16.40.1 the server IP address 172.16.40.29
The problem its IP address
185.175.114.150 does not route on the ASA 5515 from outside, expect this is the nat rules that are broke.
I tried to see if NAT to NAT or DMZ Nat could this be where I use forward packet rules on ER8411
Looking over the manuals it relates to internal server on your network but this is routing from the ASA
ruled out port tigering as traffic is on 443 from different servers.
Would I need to change a NAT rule on the ASA to get this to work translate from WAN/LAN Port 4 185.175.114.150 LAN on 8411 172.30.20.1 > Server IP 172.16.40.29
virtual servers do not make much sense would be good if they provided, some
We have another issue on application using RDP to server this is another one I need to get my head around, do not mind changing NAT rules on the ASA but need understanding of its routing.
Maybe a static routing needs to be done.
Nat Rule
172.16.40.1
interface WAN/LAN4
Ping web server from LanTrinity
172.16.40.1 or 29 Server Web IP
When I cover a ping from LANTrinity to 172.16.40.1 (GW) it replies - with rule NAT to NAT
If i change this to server 172.16.40.29 it replies on ping diagnostics on the ER8411 Nat to NAT
This is being translated on the Cisco as
SSN - Outside 172.16.40.29 any any 185.175.114.150 original
outside - SSN any 185.175.114.150 any original 172.16.40.29
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2586
Replies: 24
Voters 0
No one has voted for it yet.