The ranting of an IT Professional

Jan 22 2011   2:27PM GMT

Routing within an interface on an ASA and my triumphant return

Jason Tramer

Well, it has been a long time, but I am back! Sadly, elements in my personal life have kept me focused on other matters for the last 8 months or so, and I apologize for that, but I am ready and eager to return.

The first issue I want to talk about is with Cisco ASAs and concerns how to set up a static route on an interface that points to another router for certain routes.

Let me give an example. You have your inside interface, let's say, and on this interface you have a router with an IP address of which connects to a network of Now you need your devices on the network to get to the network via but that is not their default gateway. How do you do it?

Well, obviously you could use static routes on the machines, but that is bad practice. So you do it on the ASA.

You would set up your static route and NAT exempt as normal, but it will not work. The ASA will be able to ping the network, but the devices will not. Packet tracer will tell you that you have an access list issue, but you don't.

You need two other commands to make this work:

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

This will allow your traffic to function as you intended.
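The whole setup in one place, as an added example that is not from the original post. Every address and the access list name are constructed placeholders (the post's own addresses are not shown), and pre-8.3 ASA NAT syntax is assumed:

```cisco
! Constructed example (pre-8.3 ASA syntax assumed); all addresses are placeholders.
!   inside hosts:            192.168.1.0/24, default gateway = ASA inside interface
!   second router (inside):  192.168.1.254
!   network behind router:   10.10.0.0/16

! Static route: reach the remote network through the router on the inside interface
route inside 10.10.0.0 255.255.0.0 192.168.1.254 1

! NAT exemption for traffic between the two internal networks
! (INSIDE_NONAT is a hypothetical access list name)
access-list INSIDE_NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list INSIDE_NONAT

! Permit traffic between different interfaces that share a security level
same-security-traffic permit inter-interface
! Permit traffic to enter and leave the same interface (the hairpin case here)
same-security-traffic permit intra-interface

! Checks from the ASA CLI: confirm the settings, the route, and the simulated path
show running-config same-security-traffic
show route
packet-tracer input inside icmp 192.168.1.10 8 0 10.10.0.5
```

Both `same-security-traffic` settings are global and widen what the firewall will forward, so record them in the change log and review them along with the access lists.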
