Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
12
Helpful
6
Replies

Forward packet on same subnet

J.Kneebone
Level 1
Level 1

‎03-03-2008 12:30 PM - edited ‎03-03-2019 08:56 PM

In order to accomodate a misbehaving application which ignores the routing table on the host and forwards all packets to the default route, I have a need to allow our 2811 router to accept packets from this system and forward them on the same subnet to our ASA 5510 firewall.

Debugs on the 2811 Router show packets received from this host destined for the firewall dropped with an "access denied" message.

I know that Pix firewalls will not forward packets on the same interface, but I seem to recall having no issues with doing this on IOS routers in the past.

I have tried to allow the router to send back ICMP redirects by enabling "ip redirect" on the interface, while this works it is extremely slow for the host machine causing other problems.

Labels:
0 Helpful
6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

‎03-03-2008 12:41 PM

Hi

You should be able to redirect packets out of the same interface on a router so could you post the config of the 2811.

Jon

Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎03-03-2008 01:04 PM

Jon (K)

I agree with Jon (M) that having your router forward packets back out the same interface that were received on should be no issue for the router. Your post talks about access denied and that sounds very much like that there was an access list on the interface. So seeing the router config would be very helpful. It might also be nice if you would post examples of the error message that you are seeing.

HTH

Rick

HTH

Rick

J.Kneebone
Level 1
Level 1
In response to Jon Marshall

‎03-03-2008 01:08 PM

I had an access list on the outbound inteface that was intended to block traffic from the inside.

It just occurred to me that it would also apply to traffic being bounced off the interface from the outside as well.

Thanks for helping me get back on the right thought train...

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to J.Kneebone

‎03-03-2008 01:13 PM

Jon

Glad that we were able to help.

HTH

Rick

HTH

Rick
0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎03-03-2008 02:35 PM

Really the rating should have higher for the post above that is 100% correct and generous in willing to help by asking for configuration, so I've tried to balance things a bit with my '5'.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to paolo bevilacqua

‎03-03-2008 02:52 PM

Hi Paolo

Many thanks for taking the time to read and rate. Hope to return the favour sometime :)

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card