Route via another PIX

Answered Question
Jul 15th, 2008

Hi,

I have an ASA 5510 (192.168.123.254) that is my default gateway on my LAN (192.168.123.0). I also have a PIX (192.168.123.253) on my LAN that has a VPN established to another site that has a 192.168.11.0 network. My servers on the 192.168.123.0 network need to be able to communicate with the 192.168.11.0 network. I am currently using static routes on the servers to enable this (and it works fine) but I do not want to continue doing this. The inside port on the ASA is called PRG_LAN so I have added the command: route PRG_LAN 192.168.11.0 255.255.255.0 192.168.123.253 1 to the ASA but when I remove the static route on the servers they cannot ping 192.168.11.63 as they could before. I thought the above static route would enable this. Any advice would be very welcome.

TIA,

Jaime

Correct Answer by lee.reade about 9 years 1 week ago
Overall Rating: 5 (1 ratings)
lee.reade Tue, 07/15/2008 - 03:30

Hi,

This is called hair-pinning; basically, firewalls will not send incoming traffic back out the same interface as it came in on.

Most firewalls do this, all Cisco, as far as I remember.

Either put a router in front of the ASA and your LAN, or continue using the static routes.

HTH


LR
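
A small model of the hair-pin described in the answer above, as an added example that is not part of the original thread: it compares the interface a packet arrives on with the interface the route table would send it out of, and shows why a static route on the server avoids the firewall entirely. The server address 192.168.123.10, the "outside" interface and the default route are constructed assumptions; the rest comes from the question.

```python
import ipaddress

# Constructed model of the ASA in the question. PRG_LAN and the 192.168.11.0
# route come from the post; "outside" and the default route are assumptions.
INTERFACES = {
    "PRG_LAN": ipaddress.ip_network("192.168.123.0/24"),
    "outside": ipaddress.ip_network("203.0.113.0/29"),
}
STATIC_ROUTES = [  # (destination, egress interface, next hop)
    ("192.168.11.0/24", "PRG_LAN", "192.168.123.253"),
    ("0.0.0.0/0", "outside", "203.0.113.1"),
]

def ingress_interface(src):
    """Interface whose connected subnet contains the source address."""
    addr = ipaddress.ip_address(src)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None  # not directly connected; ingress unknown in this model

def egress(dst):
    """Longest-prefix match over connected and static routes."""
    addr = ipaddress.ip_address(dst)
    table = [(net, name, None) for name, net in INTERFACES.items()]
    table += [(ipaddress.ip_network(n), ifc, hop) for n, ifc, hop in STATIC_ROUTES]
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, ifc, hop = max(matches, key=lambda r: r[0].prefixlen)
    return ifc, hop

def is_hairpin(src, dst):
    """True when the packet would leave on the interface it arrived on."""
    ingress, out = ingress_interface(src), egress(dst)
    return ingress is not None and out is not None and ingress == out[0]

def host_first_hop(dst, host_routes, default_gw):
    """Next hop a LAN host picks: most specific static route, else the gateway."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in host_routes]
    matches = [m for m in nets if addr in m[0]]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else default_gw

if __name__ == "__main__":
    server = "192.168.123.10"  # constructed server address on the LAN
    print(is_hairpin(server, "192.168.11.63"))
    print(host_first_hop("192.168.11.63", [("192.168.11.0/24", "192.168.123.253")], "192.168.123.254"))
```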
