01-03-2008 02:41 AM - edited 03-12-2019 05:56 PM
I have an ASA '1' connected to an external subnet 'B' - this ASA is the default gateway for this subnet 'B'. I also have a second ASA '2' (inside on subnet 'B', outside on subnet 'C') connected to this subnet with a connection to subnet 'C'.
All devices on subnet 'B' have a default gateway of ASA 1; ASA 1 also has a static route pointing to subnet 'C' via ASA 2. Currently ASA 2 has 'any/any' rules on both the inside and outside interfaces. I can ping from a host on subnet B to subnet C; however, I cannot RDP from subnet B to subnet C. I can RDP and ping from subnet C to B. No 'Deny' entries are being seen in either of the ASA logs, so it looks like the ACLs are OK. Neither of the ASAs is NATing - only routing.
I have enabled ICMP on the outside interface of ASA 1.
01-03-2008 02:58 AM
01-03-2008 05:59 AM
On ASA1, make sure you have the following command in your config:
same-security-traffic permit intra-interface
...if you already do, please post your configs.
01-03-2008 06:02 AM
This has already been done :-(
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface