@@christianaugustoromerogoyz8177 Just let you know, quality of video is very BAD, I can see and read text from packet tracer. if you can clear video to see better. Thanks anyway
Hello, 1) Why do you configure static route on core sw 2 at 11'45'' and not ospf route ? 2) At 19'40'' why do you use for FAI static route and not ospf ? 3) At 7'01'' you configure in core switch 1 in gig1/0/8 and gig1/0/9 => switchport mode access + switchport nonegotiate Why you don't configure in theses interfaces => switchport trunk native vlan 99 + switchport trunk encapsulation dot1q + switchport mode trunk ? Thanks a lot
Hello. These are the answers 1. and 2. ASA does not support OSPF, so that is why you need static routing 3. ASA can support trunks but in my case I'm using access ports on ASA and then neighbors like switches should use also access ports. Thank you
Hi, I have a question. I am doing almost identical topology like yours for my work security assignment and I have encountered a problem. On layer 3 switches cannot configure port-channel as I get this message "%EC-5-CANNOT_BUNDLE2: Fa0/24 is not compatible with Po3 and will be suspended (native VLAN of Fa0/24 is 99, Po3 id 1)" . First I have configured these ports as a native VLAN 99 and when I try to configure port-channel on fa0/21-24 it shows the above message. Please advice me. many thanks
when you configure a port channel or trunks, first shutdown the interfaces on all devices (two devices) then apply the configurations on the devices (two devices) finally enable the interfaces.
Hello, 1) Why do you use a vlan for network 172.160.0.0 /28 ? and why vlan 1 and not an other ? 2) If we don't use VLAN 1 for ASA it will there be a mistake ? 3) Why do you use VLAN 2 and 3 for the outside ? Can we just use adresse IP without VLAN for the ASA ? Thanks for the video bro
What kept bothering me throughout the video was that your etherchannels are in blocking state by spanning tree. What's the use of etherchannel if they are blocked
@@christianaugustoromerogoyz8177 No, between core switches, I assume one core is root for one vlan and the other switch is root for another vlan? So for intervlan routing, if the etherchannel is configured as a trunk port, you achieve intervlan routing.
@Christian Augusto Romero Goyzueta II Hi bro sorry to bother I've been doing this practise and finish it but i still have an issue. If i try to ping from the LAN like PC1 (vlan 10 ==> to vlan interface 192.168.10.1 ) it works Each vlan can reach his interface , on the other part network is also working between routers BUT if i try from PC1 to reach the FAI ( 20.20.20.1 ) for example , the ping seems to not override the firewall Do you have maybe any ideas why ? Ty
Hi Chris. May i know if the gateway for syslog is 192.168.30.1? if yes, im not be able config the syslog and ping through the 192.168.30.1. could you advice? Thank you
@@christianaugustoromerogoyz8177 thank U chirs..im not assign the vlan at distribution layer...thank u so much..im able to ping now..may i know if you have lab related with vpn+wireless? TQ
@@christianaugustoromerogoyz8177 thank you so much, I am now watching it. I am looking for a great tutorial like site to site VPN using ASA . Such as vlan users can assess servers in a remote location via VPN . For my Network University project.
@@christianaugustoromerogoyz8177 Hi , I went through your video and very good practical. can I know , is it possible to configure the 2 ASAs with HSRP like you did to Core SW ? One ASA fails other ASA will come up ?
yes, object network will use NAT to connect ASA to simulated Internet, I don't have more examples, but this playlist can have interesting projects th-cam.com/play/PLdtRZtGMukf4GGF_jvBAuNQKZEnUi4TaQ.html
@@christianaugustoromerogoyz8177 What if i have only ISP router, without remote user and vpn. Will the NAT translation work with just 3 lines of "route inside etc" without object network?
@@christianaugustoromerogoyz8177 Another question: Sometimes if i ping one of ISP ip from diffrent vlan pc's it doesnt work. What could be wrong? Is this because of one ASA being in standby mode? From core switches it is working fine.
@@sylar5708 ASA Firewalls are configured with static routing, and ISPs are configured with static routing, that is the problem, you can see the packet on simulation mode
buenas cristian, muy buen video sirvio de gran ayuda tengo algunas con la configuracion del asa me podes ayudar ? tenes algun numero para poder comunicarme ?
![[TH] 2024 PMSL SEA W2D1 | Fall | ต่อเนื่อง ในสัปดาห์สอง](http://i.ytimg.com/vi/ElcO9uC_Dbk/mqdefault.jpg)
Very helpful tutorial, thanks. It will be very helpful if you can provide .pkt file or configurations in text file.
I don't have the packet tracer file and this video shows all the necessary configurations to complete the project
Thank you so much, very helpful material!
I appreciate, thank you
WELL DONE BROTHER AUGUSTO, THANKS A LOT. GOD BLESS.
Thank you for your comment, I appreciate
@@christianaugustoromerogoyz8177 Just let you know, quality of video is very BAD, I can see and read text from packet tracer. if you can clear video to see better. Thanks anyway
@@GA-tl4iy please go to options and set video to 720 or 1080 quality
@@christianaugustoromerogoyz8177 I can not configure MAC-ADDRESS in VLANS, I have Cisco Packet Tracer 6.2 , Can you please advice? Appreciate
@@GA-tl4iy why do you need that¡
Hola Christian, ta bueno el Video, gracias.
Saludos
Christian
Gracias por tu comentario, lo aprecio bastante
@@christianaugustoromerogoyz8177 Hola, Te envie un email @ romeroc42@gmail.com echale una mirada,pls.
Very good video, thanks for uploading, please could you provide the output of show vlan and show int trunk of the access and core switches.
I sent you a message on google hangouts
your videos are so good for me :-) THank you so much for your great efforts to share!!!!!
Thank you for all your support, I appreciate
Hello,
1) Why do you configure static route on core sw 2 at 11'45'' and not ospf route ?
2) At 19'40'' why do you use for FAI static route and not ospf ?
3) At 7'01'' you configure in core switch 1 in gig1/0/8 and gig1/0/9 => switchport mode access + switchport nonegotiate
Why you don't configure in theses interfaces => switchport trunk native vlan 99 + switchport trunk encapsulation dot1q + switchport mode trunk ?
Thanks a lot
Hello. These are the answers
1. and 2. ASA does not support OSPF, so that is why you need static routing
3. ASA can support trunks but in my case I'm using access ports on ASA and then neighbors like switches should use also access ports.
Thank you
On the left side the port-channel is 2, will there be same number on right side?
yes, should be the same number
Hello,
If we had a link between ASA-1 and ASA-2.
What zone would that be ?
Thanks a lot
can be a new vlan, but you can use vlan 1 on that link
Hi, I have a question. I am doing almost identical topology like yours for my work security assignment and I have encountered a problem. On layer 3 switches cannot configure port-channel as I get this message "%EC-5-CANNOT_BUNDLE2: Fa0/24 is not compatible with Po3 and will be suspended (native VLAN of Fa0/24 is 99, Po3 id 1)" . First I have configured these ports as a native VLAN 99 and when I try to configure port-channel on fa0/21-24 it shows the above message. Please advice me. many thanks
when you configure a port channel or trunks, first shutdown the interfaces on all devices (two devices) then apply the configurations on the devices (two devices) finally enable the interfaces.
Hello,
1) Why do you use a vlan for network 172.160.0.0 /28 ? and why vlan 1 and not an other ?
2) If we don't use VLAN 1 for ASA it will there be a mistake ?
3) Why do you use VLAN 2 and 3 for the outside ? Can we just use adresse IP without VLAN for the ASA ?
Thanks for the video bro
Hello, a lot of modifications are possible, and this is only an example thatmay vary
What kept bothering me throughout the video was that your etherchannels are in blocking state by spanning tree. What's the use of etherchannel if they are blocked
etherchannel will be used for add bandwidth and multiple paths will be used if main paths fail (redundancy)
@@christianaugustoromerogoyz8177 No, between core switches, I assume one core is root for one vlan and the other switch is root for another vlan? So for intervlan routing, if the etherchannel is configured as a trunk port, you achieve intervlan routing.
@@abhishekshah11 That will work fine
Hi, is it possible to use HSRP on vlan 1 (between coreSW1 and coreSW2)?
Yes, ,you can use HSRP on interfaces on layer 3 switches (CORESW1 CORESW2)
@Christian Augusto Romero Goyzueta II
Hi bro sorry to bother
I've been doing this practise and finish it but i still have an issue.
If i try to ping from the LAN like PC1 (vlan 10 ==> to vlan interface 192.168.10.1 ) it works
Each vlan can reach his interface , on the other part network is also working between routers
BUT if i try from PC1 to reach the FAI ( 20.20.20.1 ) for example , the ping seems to not override the firewall
Do you have maybe any ideas why ?
Ty
you need to add a configuration on firewalls to pass ping (inspect icmp)
I face the problem of STP during the simulation, do you have any clues?
there are no STP configurations here but you can do it if is necessary,
Hello,
At 15'34'',
Why do you write in ASA-1 "object network NET_LOCAL
subnet 192.168.0.0 255.255.0.0" ?
Thanks a lot
you create two objects NET LOCAL and NET REMOTE, on next lines you will see ACL that is configured to permit traffic using the objects
Hi chris, may i know where actually you configure the VLAN? through the access or at CORE 3 nor CORE 4?
Thank you
Configure trunks, vlans and assign vlans to ports, all on Layer 2
@@christianaugustoromerogoyz8177 noted.thank U
Hi Chris. May i know if the gateway for syslog is 192.168.30.1? if yes, im not be able config the syslog and ping through the 192.168.30.1. could you advice? Thank you
@@rindu2909 please assign vlan 30 to the port connected from switch to server
@@christianaugustoromerogoyz8177 thank U chirs..im not assign the vlan at distribution layer...thank u so much..im able to ping now..may i know if you have lab related with vpn+wireless? TQ
Why My vlan 10 20 30 40 on CoreSw can't up?
please enable trunk interface or access interface on the device, also configure the vlans to add on vlan table.
@@christianaugustoromerogoyz8177 i mean the gateway vlan on layer 3 switches
@@agariskika3486 don't forget no shutdown command and configure an access port and assign to that vlan or configure trunks correctly
@@christianaugustoromerogoyz8177now the vlan is up, but can't ping the user, all trunk and access is done
@@agariskika3486 you need to configure routes, static routes
What does mean FAI ? it's like a second ISP ?
FAI is noly name, is a second ISP
hello could you also send me outputs vlan and trunk briefs of access and core switches. great vid thank you
Hello, I just showed all configurations and I don't have the files with configurations, so please try to implement your own file.
are you just showing preconfigured configurations ?
This is the updated video, you can see all the configs
th-cam.com/video/1E0HluxxwAk/w-d-xo.html
@@christianaugustoromerogoyz8177 thank you so much, I am now watching it. I am looking for a great tutorial like site to site VPN using ASA . Such as vlan users can assess servers in a remote location via VPN . For my Network University project.
@@christianaugustoromerogoyz8177 Hi , I went through your video and very good practical. can I know , is it possible to configure the 2 ASAs with HSRP like you did to Core SW ? One ASA fails other ASA will come up ?
@@thepuldarshana9056 ASA's are not supporting HSRP on packet tracer, but we need to verify that on real devices
@@christianaugustoromerogoyz8177 ok I understand. Thank you
Great topology! can i have the PKT file sir?
I don't have the file, please if you can capture the running-config shown in the video
Are the object network on ASA needed just to connect to ISP router?
Do you have any other labs with 2 asa and 2 core switches?
yes, object network will use NAT to connect ASA to simulated Internet, I don't have more examples, but this playlist can have interesting projects th-cam.com/play/PLdtRZtGMukf4GGF_jvBAuNQKZEnUi4TaQ.html
@@christianaugustoromerogoyz8177 What if i have only ISP router, without remote user and vpn. Will the NAT translation work with just 3 lines of "route inside etc" without object network?
@@sylar5708 for only one ISP you need NAT with object network, dynamic NAT
@@christianaugustoromerogoyz8177
Another question: Sometimes if i ping one of ISP ip from diffrent vlan pc's it doesnt work. What could be wrong? Is this because of one ASA being in standby mode? From core switches it is working fine.
@@sylar5708 ASA Firewalls are configured with static routing, and ISPs are configured with static routing, that is the problem, you can see the packet on simulation mode
can you share the lab output please
hello, I don't have the file
buenas cristian, muy buen video
sirvio de gran ayuda
tengo algunas con la configuracion del asa
me podes ayudar ?
tenes algun numero para poder comunicarme ?
Gracias por seguir mi canal, mi whatsapp es +51 931033196
Thanks for the video, can you please share the configurations command file, Thank you
I don't have the commands on text but video shows all commands please try those commands, will work
@@christianaugustoromerogoyz8177 Noted with thanks
@@user-fz4uo9it4m thank you
@@christianaugustoromerogoyz8177 Noted and thank you,
@@christianaugustoromerogoyz8177 I have setup your topology and having some issues so could you please give me the packet tracer file?
can you please share a topology file.
use social media shown on 00:03 but anyway there is an update th-cam.com/video/1E0HluxxwAk/w-d-xo.html
Please improve the sound of video
thank you, I will do it
hi, very good video. Can you please send me the pkt file?
I don't have the file, but you can create the file using this video
hi
hi
Hi Plz send Pkt Lab file. Thank you
Hello, I'm sorry I don't have the file. You can use the video to configure all the network
Can you give me your Lab?
I don't have the file, but please follow steps on video
hi, you can give me file.pkt
I don't have the file but I can do it again, romeroc42@gmail.com
please send me file.pkt or CONFIGURATION FILE on santanumanna365@gmail.com
Can you send me the packet tracer file on rehanmistry38@gmail.com