Route via another PIX

Answered Question
Jul 15th, 2008

Hi,

I have an ASA 5510 (192.168.123.254) that is my default gateway on my LAN (192.168.123.0). I also have a PIX (192.168.123.253) on my LAN that has a VPN established to another site that has a 192.168.11.0 network. My servers on the 192.168.123.0 network need to be able to communicate with the 192.168.11.0 network. I am currently using static routes on the servers to enable this (and it works fine) but I do not want to continue doing this. The inside port on the ASA is called PRG_LAN so I have added the command: route PRG_LAN 192.168.11.0 255.255.255.0 192.168.123.253 1 to the ASA but when I remove the static route on the servers they cannot ping 192.168.11.63 as they could before. I thought the above static route would enable this. Any advice would be very welcome.

TIA,

Jaime

Correct Answer by lee.reade about 8 years 4 months ago
Overall Rating: 5 (1 ratings)
lee.reade Tue, 07/15/2008 - 03:30

Hi,

This is called hair-pinning; basically, firewalls will not send incoming traffic back out the same interface it came in on.

Most firewalls do this, all Cisco, as far as I remember.

Either put a router in front of the ASA and your LAN, or continue using the static routes.

HTH

LR
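
A simplified model of the forwarding decision described in the answer above, added here as an example (it is not part of the original thread and is not Cisco code). It uses the addresses and the PRG_LAN interface name from the question; the `outside` interface, the 203.0.113.1 default route and the `eth0` name in the demo are constructed.

```python
import ipaddress

# Addresses and the PRG_LAN name come from the question; the forwarding rule is a
# simplified model of the behaviour the answer describes, not ASA internals.
ASA_ROUTES = [
    # (destination network, egress interface, next hop)
    ("192.168.123.0/24", "PRG_LAN", None),               # directly connected LAN
    ("192.168.11.0/24", "PRG_LAN", "192.168.123.253"),   # route added in the question
    ("0.0.0.0/0", "outside", "203.0.113.1"),             # constructed default route
]

def lookup(routes, dst):
    """Longest-prefix match; returns (network, interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface, hop in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface, hop)
    return best

def firewall_forward(routes, ingress_iface, dst):
    """Decision for a packet arriving on ingress_iface: ('forward', hop) or ('drop', why)."""
    match = lookup(routes, dst)
    if match is None:
        return ("drop", "no route")
    _, egress, hop = match
    if egress == ingress_iface:
        return ("drop", "hairpin: egress equals ingress " + egress)
    return ("forward", hop or dst)

def path(server_static_routes, dst, default_gw="192.168.123.254"):
    """Where a LAN server's packet ends up, with or without its own static route."""
    match = lookup(server_static_routes, dst)
    hop = match[2] if match else default_gw
    if hop != default_gw:
        return ("forward", hop)  # server hands the packet straight to the PIX
    return firewall_forward(ASA_ROUTES, "PRG_LAN", dst)

if __name__ == "__main__":
    static = [("192.168.11.0/24", "eth0", "192.168.123.253")]
    print("with server static route:   ", path(static, "192.168.11.63"))
    print("without server static route:", path([], "192.168.11.63"))
```
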
