HI,
I seem to have a bit of an issue with routing, I've tried a lot, but obviously not enough, I'm hoping you could shed some light on the issue please.
description to start off with:
My setup is:
Billion 7800n connected to ADSL out to Ser Prov.
Connected into port 1 I have a trunk port going down to a Cisco ASA trunking 3 vlans.
connected to the ASA is my laptop.
my issue is that I can't seem to get traffic to route back through to my ASA from my 7800, (at least that's what I think the issue is)
Access-lists and such on the ASA are fine, at least when I run captures I can see traffic exiting my ASA and heading up to the 7800.
On the 7800 if I look under the firewall logs, i can see DNS traffic exiting the device but nothing coming back in.. however...
If I connect my laptop straight into the 7800, everything works fine... also if I ping (tcp or otherwise) from the ASA i can get out onto the internet fine.
please see screen shot attached from the 7800 firewall log.
It seems to me, like possibly the dns traffic is coming back, but because the 7800 doesn't have an ARP entry for my laptop (as it's behind the ASA) it doesn't know where to send it, which is odd because I've entered the static routes in the routing table to point to my ASA using the Lan/Br0 interface for the route back.
I've also added the relevant ASA interface as a DMZ and added some virtual server rules in (i'd not have thought this necessary though as it should be stateful)
As you can see from the attachment, my laptop plugged into the 7800 is on 172.16.15.4 (working fine) and the laptop not getting a response is on 172.16.10.2
IP addresses 208.67.222.222, 8.8.8.8 & 8.8.4.4 are DNS servers
I've tried it using all the same DNS servers too, same result.
I've also attached a vlan table screen shot and a routing table screen shot.
any ideas?
7800N routing Issue
-
ASA_bod
- Posts: 2
- Joined: Tue Nov 04, 2014 8:57 pm
7800N routing Issue
You do not have the required permissions to view the files attached to this post.
-
billion_fan
- Posts: 5375
- Joined: Tue Jul 19, 2011 4:30 pm
Re: 7800N routing Issue
I think the problem might the VLAN rules, the 7800N VLAN is only supposed to be use for IPTV
-
ASA_bod
- Posts: 2
- Joined: Tue Nov 04, 2014 8:57 pm
Re: 7800N routing Issue
Hi Billion_Fan, thanks for the reply,
I guess from your reply that you can't see that I've done anything out of the ordinary in regard to setting up the router other than try to use Vlans? (i.e. use of the DMZ or of the virtual server?) from the instruction sheet Static routing on this device seems just like most others I've had to config, which is to say pretty straight forward.
Proxy ARP is fine on the ASA too although I've not sniffed it, I'm pretty sure it'll be working.
It does seem a little bit strange though that an office routers vlan capability is only limited to be used for IPTV but that aside, IPTV would potentially use DNS too so in that regard it really ought to be returning traffic at least DNS traffic.
I guess I'll have to find another way around this issue.
Thanks
I guess from your reply that you can't see that I've done anything out of the ordinary in regard to setting up the router other than try to use Vlans? (i.e. use of the DMZ or of the virtual server?) from the instruction sheet Static routing on this device seems just like most others I've had to config, which is to say pretty straight forward.
Proxy ARP is fine on the ASA too although I've not sniffed it, I'm pretty sure it'll be working.
It does seem a little bit strange though that an office routers vlan capability is only limited to be used for IPTV but that aside, IPTV would potentially use DNS too so in that regard it really ought to be returning traffic at least DNS traffic.
I guess I'll have to find another way around this issue.
Thanks