I would double check the ASA route command. For a test, use tracert to find
out where the traffic stops.
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"SteveV" <(E-Mail Removed)> wrote in message
news:bd3066ba-e852-4915-a08c-(E-Mail Removed)...
On Oct 29, 9:54 pm, "Bill Grant" <not.available@online> wrote:
> "SteveV" <StevenVib...@hotmail.com> wrote in message
>
> news:f4ac5453-c5da-4c51-9cab-(E-Mail Removed)...
>
> > I have a fairly simple existing network layout where all machines are
> > on one lan segment (VLAN1 10.13.1.x) sitting behind a Cisco ASA5505
> > configured as a gateway and connected to a Netopia T1 Router. I need
> > to add a VLAN (VLAN2 10.39.1.x) that will contain approx 35 IP
> > cameras. None of the cameras need to be accessible from the internet.
>
> > I have a Win2003 Std Server box configured with 2 NICs; one connected
> > to the 10.13.1.x segment the other connected to the 10.39.1.x
> > segment. As expected, I can ping and connect to devices connected to
> > either segment from this box. I have enabled RRAS on this box and have
> > created a static route that looks like this:
>
> > Destination  Mask         Gateway     Interface
> > 10.39.0.0    255.255.0.0  10.31.1.32  LAN
>
> > I need to have machines connected to the 10.13.1.x segment reach
> > devices on VLAN2. Currently none of the VLAN1 computers can ping any
> > of the machines on VLAN2 unless I manually add a route on the
> > individual machines connected to VLAN1.
>
> > I have tried adding a static route on the Cisco ASA5505 but no joy.
>
> > This is not my area of expertise so I'd really appreciate some insight
> > on what I might be doing wrong.
>
> That is because the machines on the LAN have their default gateway
> pointing to the firewall, not to the RRAS server. As you have found, you
> can get to the other subnet by putting a static route on each machine.
> You could also do it by putting the static route on the firewall to
> bounce the traffic for the new subnet to the RRAS router, e.g.
>
> Firewall {static route 10.39.0.0 255.255.0.0 10.31.1.32}
> 10.13.1.1
> |
> LAN1
> 10.13.1.x dg 10.13.1.1
> |
> 10.13.1.32 dg 10.13.1.1
> RRAS
> 10.39.1.1 dg blank
> |
> LAN2
> 10.39.1.x dg 10.39.1.1
Thanks for the reply. I already have a static route on the ASA but I
still can't connect to machines on VLAN2. If I filter the ASA log to
only show "10.39" traffic I see entries like the following:
Oct 30 2008|09:10:12|305006|10.39.1.140||portmap translation creation failed for tcp src inside:10.13.1.222/2126
Where 10.39.1.140 is the machine I'm trying to connect to and
10.13.1.222 is my laptop's IP. So it certainly seems like the issue
is on the ASA end. Question is: what am I missing?
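
Added example, not part of the thread: a small Python model of the topology in the quoted diagram that traces next hops by longest-prefix match in both directions and checks that a static route's gateway sits on a directly connected subnet. The /24 masks, the node names, the hosts' default routes and the omission of the ASA's outside interface are assumptions; 10.31.1.32 is the gateway as written in the posted route and 10.13.1.32 is the RRAS address shown in the diagram.

```python
import ipaddress as ip

def lookup(table, dst):
    """Longest-prefix match. Returns (network, gateway); gateway None = connected."""
    hits = [(ip.ip_network(n), gw) for n, gw in table
            if ip.ip_address(dst) in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(nodes, start, dst, max_hops=8):
    """Follow next hops from `start` toward `dst`; returns (path, status)."""
    owner = {a: name for name, n in nodes.items() for a in n["addrs"]}
    path, here = [start], start
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return path, "delivered"
        routes = nodes[here]["routes"]
        hit = lookup(routes, dst)
        if hit is None:
            return path, "no route"
        gw = hit[1]
        connected = [r for r in routes if r[1] is None]
        # A static route is only usable if its gateway is on a connected subnet.
        if gw is not None and lookup(connected, gw) is None:
            return path, f"gateway {gw} not on a connected subnet"
        nxt = dst if gw is None else gw
        if nxt not in owner:
            return path, f"{nxt} does not answer"
        here = owner[nxt]
        path.append(here)
    return path, "hop limit reached"

def topology(fw_gateway):
    """Constructed model of the diagram; /24 masks and default routes are assumed."""
    return {
        "laptop": {"addrs": ["10.13.1.222"],
                   "routes": [("10.13.1.0/24", None), ("0.0.0.0/0", "10.13.1.1")]},
        "asa":    {"addrs": ["10.13.1.1"],
                   "routes": [("10.13.1.0/24", None), ("10.39.0.0/16", fw_gateway)]},
        "rras":   {"addrs": ["10.13.1.32", "10.39.1.1"],
                   "routes": [("10.13.1.0/24", None), ("10.39.1.0/24", None)]},
        "camera": {"addrs": ["10.39.1.140"],
                   "routes": [("10.39.1.0/24", None), ("0.0.0.0/0", "10.39.1.1")]},
    }

if __name__ == "__main__":
    print(trace(topology("10.13.1.32"), "laptop", "10.39.1.140"))  # forward path
    print(trace(topology("10.13.1.32"), "camera", "10.13.1.222"))  # reply path
    print(trace(topology("10.31.1.32"), "laptop", "10.39.1.140"))  # gateway as posted
```

In this model the forward path enters and leaves the ASA on the same inside network, while the reply goes from the RRAS box straight to the laptop without passing back through the ASA.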