ASA redirection using (same-security-traffic permit intra)

Unanswered Question
Apr 27th, 2007

I've deployed ASA firewalls for different purposes. One is for Internet access and the other for site-to-site VPN connections. All the internal users' default gw is pointing to the Internet one, and this one contains the specific static route back to the VPN one. The command "same-security-traffic permit intra" is already in place, but the ASA still cannot redirect the traffic to the VPN one for remote site connections. Both ASAs are running 7.2(2).

Please advise.


oabduo983 Fri, 04/27/2007 - 03:24

Be very specific in your static route statements: for every VPN remote site, you will have to have two static route statements, one to reach the peer's outside network (or IP), another to reach the internal network of the peer's network...

Have you tried (for troubleshooting purposes) pointing your clients to your Site2Site firewall and verified it works fine?

Please rate if this helps.

laut Fri, 04/27/2007 - 17:12

I'm sure that the VPN one is working properly, because I've set up my laptop pointing to the VPN one as its default gw and it can access all the remote sites.


oabduo983 Fri, 04/27/2007 - 18:35

Just follow what I said earlier about having two route inside statements on your internal firewall, one going to the outside address of your peer and another going to the internal subnet of your peer... this should solve your issue...

laut Mon, 04/30/2007 - 00:06

My problem is that the ASA firewall cannot redirect the traffic to the VPN one. If I put in a layer-3 switch or router, the problem is solved. I just want to know the purpose of the command "same-security-traffic"; even with the command in place, the application cannot redirect.


