Routing within an interface on a ASA and my triumphant return

Well it has been a long time, but I am back! Sadly elements in my personal life have kept me focused on other matters for the last 8 months or so and I apologize for that but I am ready and eager to return.

For my first issue I want to talk about is with Cisco ASA’s and concerns how to set up a static route on an interface to point to another router for certain routes.

Let me give an example. You have your inside interface, lets say 192.168.1.0/24, and on this interface your have a router with an IP address of 192.168.1.10 which connects to a network of 10.0.0.0/24. Now you need your devices on the 192.168.1.0/24 network to get to the 10.0.0.0/24 network via 192.168.1.10 but that is not their default gateway. How do you do it?

Well obviously you could use static routes on the machines but that is bad practice. So you do it on the ASA.

You would set up your static route and NAT exempt as normal but it will not work. The ASA will be able to ping the 10.0.0.0 network but not the devices. Packet tracer will tell you that you have a Access List issue but you don’t.

You need to other commands to make this work:

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

This will allow your traffic to function as you intended