ASA 5510 - ICMP Redirect on outside interface

Unanswered Question

I have an ASA '1' connected to an external subnet 'B' - this ASA is the default gateway for this subnet 'B'. I also have a second ASA '2' (inside on subnet 'B', outside on subnet 'C') connected to this subnet with a connection to subnet 'C'.

All devices on subnet 'B' have a default gateway of ASA 1; ASA 1 also has a static route pointing to subnet 'C' via ASA 2. Currently ASA 2 has 'any/any' rules on both the inside and outside interfaces. I can ping from a host on subnet B to subnet C; however, I cannot RDP from subnet B to subnet C. I can RDP and ping from subnet C to B. No 'Deny' entries are being seen in either of the ASA logs, so it looks like the ACLs are OK. Neither of the ASAs is NATing - only routing.

I have enabled ICMP on the outside interface of ASA 1.

srue Thu, 01/03/2008 - 05:59

On ASA1, make sure you have the following command in your config:

same-security-traffic permit intra-interface

...if you already do, please post your configs.
