Mình có sơ đồ kết nối như hình.
+ Vấn đề là các host trong VLAN 1, VLAN 2, VLAN 3, VLAN 4 không ping ra Internet được nhưng ping tới được ASA 5506 (13.0.0.1/24), còn từ CoreSW thì mình ping ra Internet được.
Mình đã kiểm tra nhưng không biết vấn đề nằm ở đâu. Rất mong được giúp đỡ.
Đây là cấu hình.
CoreSW
! CoreSW global settings: IOS version, logging and password services, hostname,
! privileged-mode password, L3 routing and spanning-tree mode.
version 12.2(37)SE1
! These two lines turn timestamps off for log and debug messages, which makes
! later event correlation harder.
! NOTE(review): on a production device prefer "service timestamps log datetime msec".
no service timestamps log datetime msec
no service timestamps debug datetime msec
! Password obfuscation is off, so passwords in this configuration are stored as typed.
no service password-encryption
!
hostname CoreSW
!
! NOTE(review): cleartext privileged-mode password, now published with this post.
! Change it on the real device and use "enable secret" (hashed) rather than "enable password".
enable password cisco123
!
!
!
!
! Enables IP routing on the switch, so it forwards between its routed ports and SVIs.
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
! CoreSW uplinks: two LACP port-channels carrying 802.1Q trunks, plus two routed ports.
! NOTE(review): no "switchport trunk allowed vlan" line appears on either trunk in this paste,
! so every VLAN is carried and the native VLAN stays at its default. Pruning the list to the
! VLANs that are actually needed is the usual hardening step.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
! Routed port, 18.0.0.5/24. 18.0.0.0 is not listed under "router rip" in this configuration,
! so RIP is not enabled on this port.
! NOTE(review): 12.0.0.0/24, 13.0.0.0/24 and 18.0.0.0/24 are not RFC 1918 ranges - presumably a lab.
! On a real network, using publicly routable space internally makes the genuine owners of those
! addresses unreachable.
interface FastEthernet0/1
no switchport
ip address 18.0.0.5 255.255.255.0
duplex auto
speed auto
!
! Routed port, 12.0.0.1/24. The helper address 12.0.0.2 used on the SVIs lies in this subnet.
interface FastEthernet0/2
no switchport
ip address 12.0.0.1 255.255.255.0
duplex auto
speed auto
!
! Fa0/3 and Fa0/4: members of Port-channel1, LACP active mode.
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
! Fa0/5 and Fa0/6: members of Port-channel2, LACP active mode.
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
! CoreSW access ports and spare ports.
! Fa0/7-9 carry no configuration in this paste, i.e. they are left at platform defaults.
! NOTE(review): spare ports are normally shut down and parked in an unused VLAN.
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
! Fa0/10: static access port in VLAN 5 with DTP negotiation disabled.
interface FastEthernet0/10
switchport access vlan 5
switchport mode access
switchport nonegotiate
!
! Fa0/11-18: static access ports in VLAN 6. Interface Vlan6 (13.0.0.2) shares its subnet with
! the ASA inside interface (13.0.0.1), so a device attached to any of these eight ports sits
! on the firewall's inside segment.
! NOTE(review): confirm that all eight ports need to be in that VLAN.
! The trunk-encapsulation line on Fa0/11 has no effect while the port is in access mode.
interface FastEthernet0/11
switchport access vlan 6
switchport trunk encapsulation dot1q
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/12
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/13
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/14
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/15
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/16
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/17
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/18
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
! Fa0/19-24 and Gi0/1-2: no configuration in this paste (platform defaults, see the note on Fa0/7-9).
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
! CoreSW SVIs: one gateway address per VLAN. The switch routes between them ("ip routing" is set globally).
! NOTE(review): no "ip access-group" appears on any SVI in this paste, so nothing here filters
! traffic between the VLANs.
! VLAN 1 is used as a user subnet.
! NOTE(review): VLAN 1 is also the default VLAN of every unconfigured switch port.
interface Vlan1
ip address 192.168.10.1 255.255.255.0
! Relays client UDP broadcasts such as DHCP requests to 12.0.0.2 (same line on Vlan2-Vlan4).
ip helper-address 12.0.0.2
!
interface Vlan2
mac-address 0090.21cc.c401
ip address 192.168.20.1 255.255.255.0
ip helper-address 12.0.0.2
!
interface Vlan3
mac-address 0090.21cc.c402
ip address 192.168.30.1 255.255.255.0
ip helper-address 12.0.0.2
!
interface Vlan4
mac-address 0090.21cc.c403
ip address 192.168.40.1 255.255.255.0
ip helper-address 12.0.0.2
!
! Vlan5 has no helper address, unlike Vlan1-Vlan4.
interface Vlan5
mac-address 0090.21cc.c404
ip address 192.168.50.1 255.255.255.0
!
! Transit SVI towards the ASA: 13.0.0.2 here, 13.0.0.1 on the ASA inside interface.
interface Vlan6
mac-address 0090.21cc.c405
ip address 13.0.0.2 255.255.255.0
!
! CoreSW routing: RIPv2 for the internal subnets plus a static default route to the ASA.
! The network statements cover Fa0/2 (12.0.0.0), Vlan6 (13.0.0.0) and Vlan1-Vlan5 (192.168.10-50.0).
! NOTE(review): there are no "passive-interface" lines and no RIP authentication in this paste,
! so updates are sent to, and accepted from, the user VLANs as well. "passive-interface" limits
! where updates are sent; RIPv2 authentication is what limits whose updates are accepted.
router rip
version 2
network 12.0.0.0
network 13.0.0.0
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
no auto-summary
!
ip classless
! Default route via the ASA inside interface.
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
! Sets the NetFlow export format to version 9; no export destination is visible in this paste.
ip flow-export version 9
!
! NOTE(review): the listing ends here without any "line con" / "line vty" section, so the
! remote-management settings of this switch cannot be reviewed from this paste.
!
!
!
!
!
!
ASA5506
! ASA 5506 interface roles. A higher security-level is more trusted: by default traffic may be
! initiated from a higher level towards a lower one, and the reverse direction needs an ACL.
ASA Version 9.6(1)
!
hostname ciscoasa
names
!
! inside (level 100): link to CoreSW Vlan6 (13.0.0.2).
interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 13.0.0.1 255.255.255.0
!
! outside (level 0): untrusted side. The default route in this configuration points to 10.0.0.1 here.
interface GigabitEthernet1/2
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
!
! dmz (level 50) and partner (level 60): no access-group is bound to either interface in this
! paste, so only the security-level defaults govern their traffic.
interface GigabitEthernet1/3
nameif dmz
security-level 50
ip address 11.0.0.1 255.255.255.0
!
interface GigabitEthernet1/4
nameif partner
security-level 60
ip address 14.0.0.1 255.255.255.0
!
! Gi1/5-1/8: unused, unnamed and administratively shut down.
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
! Dedicated management port: flagged management-only, but without a name or address.
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
! ASA objects, default route, access lists and NAT.
! "allsubinside" matches every address (0.0.0.0/0); "partner" matches 14.0.0.0/24.
object network allsubinside
subnet 0.0.0.0 0.0.0.0
object network partner
subnet 14.0.0.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
!
! "permiticmp" is defined but never referenced by an access-group below, so it has no effect.
access-list permiticmp extended permit icmp any any echo-reply
! ACL 100 permits all IP traffic.
access-list 100 extended permit ip any any
!
! NOTE(review): binding ACL 100 inbound on outside removes the firewall's default deny for
! outside-initiated traffic. What remains reachable then depends on NAT and routing rather than
! on an explicit policy. No ICMP inspection policy is visible in this paste, so echo-replies are
! currently admitted only by this rule. Enabling "inspect icmp" in the global policy, or binding
! the narrower permiticmp list to outside, lets ping work without "permit ip any any" on the
! untrusted interface.
access-group 100 in interface outside
access-group 100 in interface inside
! Object NAT: sources matching each object are hidden behind the outside interface address (dynamic PAT).
object network allsubinside
nat (inside,outside) dynamic interface
object network partner
nat (partner,outside) dynamic interface
! ASA management timeouts and dynamic routing.
!
!
!
!
!
!
! Idle timeouts, in minutes, for Telnet and SSH management sessions. No "telnet" or "ssh" lines
! naming permitted hosts appear in this paste, so it cannot be told from here whether either
! service is reachable.
telnet timeout 5
ssh timeout 5
!
!
!
!
! RIPv2 on the ASA: network 10.0.0.0 covers the outside interface (10.0.0.2), and network 13.0.0.0
! covers the inside interface (13.0.0.1).
! NOTE(review): unauthenticated RIP on outside exchanges routes with whatever router sits on the
! untrusted segment. Confirm whether RIP is needed there at all, given the static default route
! and the PAT to the outside address. Otherwise make outside passive or authenticate the updates.
router rip
version 2
network 10.0.0.0
network 13.0.0.0
no auto-summary
!
+ Vấn đề là các host trong VLAN 1, VLAN 2, VLAN 3, VLAN 4 không ping ra Internet được nhưng ping tới được ASA 5506 (13.0.0.1/24), còn từ CoreSW thì mình ping ra Internet được.
Mình đã kiểm tra nhưng không biết vấn đề nằm ở đâu. Rất mong được giúp đỡ.
Đây là cấu hình.
CoreSW
! CoreSW global settings: IOS version, logging and password services, hostname,
! privileged-mode password, L3 routing and spanning-tree mode.
version 12.2(37)SE1
! These two lines turn timestamps off for log and debug messages, which makes
! later event correlation harder.
! NOTE(review): on a production device prefer "service timestamps log datetime msec".
no service timestamps log datetime msec
no service timestamps debug datetime msec
! Password obfuscation is off, so passwords in this configuration are stored as typed.
no service password-encryption
!
hostname CoreSW
!
! NOTE(review): cleartext privileged-mode password, now published with this post.
! Change it on the real device and use "enable secret" (hashed) rather than "enable password".
enable password cisco123
!
!
!
!
! Enables IP routing on the switch, so it forwards between its routed ports and SVIs.
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
! CoreSW uplinks: two LACP port-channels carrying 802.1Q trunks, plus two routed ports.
! NOTE(review): no "switchport trunk allowed vlan" line appears on either trunk in this paste,
! so every VLAN is carried and the native VLAN stays at its default. Pruning the list to the
! VLANs that are actually needed is the usual hardening step.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
! Routed port, 18.0.0.5/24. 18.0.0.0 is not listed under "router rip" in this configuration,
! so RIP is not enabled on this port.
! NOTE(review): 12.0.0.0/24, 13.0.0.0/24 and 18.0.0.0/24 are not RFC 1918 ranges - presumably a lab.
! On a real network, using publicly routable space internally makes the genuine owners of those
! addresses unreachable.
interface FastEthernet0/1
no switchport
ip address 18.0.0.5 255.255.255.0
duplex auto
speed auto
!
! Routed port, 12.0.0.1/24. The helper address 12.0.0.2 used on the SVIs lies in this subnet.
interface FastEthernet0/2
no switchport
ip address 12.0.0.1 255.255.255.0
duplex auto
speed auto
!
! Fa0/3 and Fa0/4: members of Port-channel1, LACP active mode.
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
! Fa0/5 and Fa0/6: members of Port-channel2, LACP active mode.
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
! CoreSW access ports and spare ports.
! Fa0/7-9 carry no configuration in this paste, i.e. they are left at platform defaults.
! NOTE(review): spare ports are normally shut down and parked in an unused VLAN.
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
! Fa0/10: static access port in VLAN 5 with DTP negotiation disabled.
interface FastEthernet0/10
switchport access vlan 5
switchport mode access
switchport nonegotiate
!
! Fa0/11-18: static access ports in VLAN 6. Interface Vlan6 (13.0.0.2) shares its subnet with
! the ASA inside interface (13.0.0.1), so a device attached to any of these eight ports sits
! on the firewall's inside segment.
! NOTE(review): confirm that all eight ports need to be in that VLAN.
! The trunk-encapsulation line on Fa0/11 has no effect while the port is in access mode.
interface FastEthernet0/11
switchport access vlan 6
switchport trunk encapsulation dot1q
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/12
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/13
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/14
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/15
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/16
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/17
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/18
switchport access vlan 6
switchport mode access
switchport nonegotiate
!
! Fa0/19-24 and Gi0/1-2: no configuration in this paste (platform defaults, see the note on Fa0/7-9).
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
! CoreSW SVIs: one gateway address per VLAN. The switch routes between them ("ip routing" is set globally).
! NOTE(review): no "ip access-group" appears on any SVI in this paste, so nothing here filters
! traffic between the VLANs.
! VLAN 1 is used as a user subnet.
! NOTE(review): VLAN 1 is also the default VLAN of every unconfigured switch port.
interface Vlan1
ip address 192.168.10.1 255.255.255.0
! Relays client UDP broadcasts such as DHCP requests to 12.0.0.2 (same line on Vlan2-Vlan4).
ip helper-address 12.0.0.2
!
interface Vlan2
mac-address 0090.21cc.c401
ip address 192.168.20.1 255.255.255.0
ip helper-address 12.0.0.2
!
interface Vlan3
mac-address 0090.21cc.c402
ip address 192.168.30.1 255.255.255.0
ip helper-address 12.0.0.2
!
interface Vlan4
mac-address 0090.21cc.c403
ip address 192.168.40.1 255.255.255.0
ip helper-address 12.0.0.2
!
! Vlan5 has no helper address, unlike Vlan1-Vlan4.
interface Vlan5
mac-address 0090.21cc.c404
ip address 192.168.50.1 255.255.255.0
!
! Transit SVI towards the ASA: 13.0.0.2 here, 13.0.0.1 on the ASA inside interface.
interface Vlan6
mac-address 0090.21cc.c405
ip address 13.0.0.2 255.255.255.0
!
! CoreSW routing: RIPv2 for the internal subnets plus a static default route to the ASA.
! The network statements cover Fa0/2 (12.0.0.0), Vlan6 (13.0.0.0) and Vlan1-Vlan5 (192.168.10-50.0).
! NOTE(review): there are no "passive-interface" lines and no RIP authentication in this paste,
! so updates are sent to, and accepted from, the user VLANs as well. "passive-interface" limits
! where updates are sent; RIPv2 authentication is what limits whose updates are accepted.
router rip
version 2
network 12.0.0.0
network 13.0.0.0
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
no auto-summary
!
ip classless
! Default route via the ASA inside interface.
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
! Sets the NetFlow export format to version 9; no export destination is visible in this paste.
ip flow-export version 9
!
! NOTE(review): the listing ends here without any "line con" / "line vty" section, so the
! remote-management settings of this switch cannot be reviewed from this paste.
!
!
!
!
!
!
ASA5506
! ASA 5506 interface roles. A higher security-level is more trusted: by default traffic may be
! initiated from a higher level towards a lower one, and the reverse direction needs an ACL.
ASA Version 9.6(1)
!
hostname ciscoasa
names
!
! inside (level 100): link to CoreSW Vlan6 (13.0.0.2).
interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 13.0.0.1 255.255.255.0
!
! outside (level 0): untrusted side. The default route in this configuration points to 10.0.0.1 here.
interface GigabitEthernet1/2
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
!
! dmz (level 50) and partner (level 60): no access-group is bound to either interface in this
! paste, so only the security-level defaults govern their traffic.
interface GigabitEthernet1/3
nameif dmz
security-level 50
ip address 11.0.0.1 255.255.255.0
!
interface GigabitEthernet1/4
nameif partner
security-level 60
ip address 14.0.0.1 255.255.255.0
!
! Gi1/5-1/8: unused, unnamed and administratively shut down.
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
! Dedicated management port: flagged management-only, but without a name or address.
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
! ASA objects, default route, access lists and NAT.
! "allsubinside" matches every address (0.0.0.0/0); "partner" matches 14.0.0.0/24.
object network allsubinside
subnet 0.0.0.0 0.0.0.0
object network partner
subnet 14.0.0.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
!
! "permiticmp" is defined but never referenced by an access-group below, so it has no effect.
access-list permiticmp extended permit icmp any any echo-reply
! ACL 100 permits all IP traffic.
access-list 100 extended permit ip any any
!
! NOTE(review): binding ACL 100 inbound on outside removes the firewall's default deny for
! outside-initiated traffic. What remains reachable then depends on NAT and routing rather than
! on an explicit policy. No ICMP inspection policy is visible in this paste, so echo-replies are
! currently admitted only by this rule. Enabling "inspect icmp" in the global policy, or binding
! the narrower permiticmp list to outside, lets ping work without "permit ip any any" on the
! untrusted interface.
access-group 100 in interface outside
access-group 100 in interface inside
! Object NAT: sources matching each object are hidden behind the outside interface address (dynamic PAT).
object network allsubinside
nat (inside,outside) dynamic interface
object network partner
nat (partner,outside) dynamic interface
! ASA management timeouts and dynamic routing.
!
!
!
!
!
!
! Idle timeouts, in minutes, for Telnet and SSH management sessions. No "telnet" or "ssh" lines
! naming permitted hosts appear in this paste, so it cannot be told from here whether either
! service is reachable.
telnet timeout 5
ssh timeout 5
!
!
!
!
! RIPv2 on the ASA: network 10.0.0.0 covers the outside interface (10.0.0.2), and network 13.0.0.0
! covers the inside interface (13.0.0.1).
! NOTE(review): unauthenticated RIP on outside exchanges routes with whatever router sits on the
! untrusted segment. Confirm whether RIP is needed there at all, given the static default route
! and the PAT to the outside address. Otherwise make outside passive or authenticate the updates.
router rip
version 2
network 10.0.0.0
network 13.0.0.0
no auto-summary
!