
Routing and ASA

serotonin888
Level 1

Hi,

I would like to use an ASA (7.2) as the DG for clients on a single subnet site. The site does not have a router that I have access to. However, the site also has a dedicated circuit connected to the LAN allowing access to several remote sites. However, I have no control of the router.

I would like to add routes on the inside interface of the ASA directing selected traffic to the router.

However, despite setting same-security-traffic inter-interface, I still have problems. Despite explicitly allowing the traffic, I see the following syslog messages.

106015|LAN_IP|REMOTE_IP|Deny TCP (no connection) from LAN_IP/3422 to REMOTE_IP/80 flags RST on interface Inside

My questions are -

1) Is what I'm trying to do possible?

2) If yes, what do I need to do to enable it?

Cheers

Andy

2 Replies

keith_chilek
Level 1

I have been told this is very difficult to do. Supposedly, you can make the ASA route "in and out" of the same interface but it's difficult and not recommended. It's much better to have a router or layer-3 switch internally and have the clients use that as their DG.

acomiskey
Level 10

It is intra-interface, not inter-interface, to allow traffic in and out of the same interface. Inter is for traffic between interfaces with the same security level.
