The ranting of an IT Professional

Jan 22 2011   2:27PM GMT

Routing within an interface on an ASA and my triumphant return



Posted by: Jason Tramer
Tags:
ASA
Cisco
intra site routing
routing
routing within a network

Well, it has been a long time, but I am back! Sadly, elements in my personal life have kept me focused on other matters for the last 8 months or so, and I apologize for that, but I am ready and eager to return.

The first issue I want to talk about is with Cisco ASAs and concerns how to set up a static route on an interface to point to another router for certain routes.

Let me give an example. You have your inside interface, let’s say 192.168.1.0/24, and on this interface you have a router with an IP address of 192.168.1.10 which connects to a network of 10.0.0.0/24. Now you need your devices on the 192.168.1.0/24 network to get to the 10.0.0.0/24 network via 192.168.1.10, but that is not their default gateway. How do you do it?

Well, obviously you could use static routes on the machines, but that is bad practice. So you do it on the ASA.

You would set up your static route and NAT exemption as normal, but it will not work. The ASA will be able to ping the 10.0.0.0 network, but the devices will not. Packet tracer will tell you that you have an access list issue, but you don’t.

You need two other commands to make this work:

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

This will allow your traffic to function as you intended.
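
The complete set of commands for the example above, as an added configuration example that is not from the original post. It assumes the interface is named inside, uses a hypothetical ACL name (NONAT-INSIDE), and writes the NAT exemption in pre-8.3 syntax; the comments note what each same-security-traffic command opens up.

```cisco
! Constructed example using the addresses from the post.
! Assumptions: interface name "inside", hypothetical ACL name NONAT-INSIDE,
! NAT exemption in pre-8.3 syntax (nat 0 access-list).

! Static route: reach 10.0.0.0/24 through the router at 192.168.1.10
route inside 10.0.0.0 255.255.255.0 192.168.1.10 1

! NAT exemption for traffic between the two networks
access-list NONAT-INSIDE extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list NONAT-INSIDE

! The two commands from the post.
! inter-interface: permits traffic between different interfaces that share
! the same security level.
same-security-traffic permit inter-interface
! intra-interface: permits traffic to enter and leave the same interface,
! which is the path a host on 192.168.1.0/24 takes through the ASA to
! reach 192.168.1.10.
same-security-traffic permit intra-interface
```

After applying it, `show route` and `show running-config same-security-traffic` confirm that the route and both permits are present.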
