Solved: Route via another PIX

jaimewalker · ‎07-15-2008

Hi,

I have an ASA 5510 (192.168.123.254) that is my default gateway on my LAN (192.168.123.0). I also have a PIX (192.168.123.253) on my LAN that has a VPN established to another site that has a 192.168.11.0 network. My servers on the 192.168.123.0 network need to be able to communicate with the 192.168.11.0 network. I am currently using staic routes on the servers to enable this (and it works fine) but I do not want to continue doing this. The inside port on the ASA is called PRG_LAN so I have added the command: route PRG_LAN 192.168.11.0 255.255.255.0 192.168.123.253 1 to the ASA but when I remove the static route on the servers they cannot ping 192.168.11.63 as the could before. I thought the above static route would enable this. Any advise would be very welcome.

TIA,

Jaime

lee.reade · ‎07-15-2008

Hi,

Well it looks like you can do this now..

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

HTH

LR

View solution in original post

lee.reade · ‎07-15-2008

Hi,

This is called hair-pinning, basically firewalls will not send incoming traffic back out the same interface as it came in on.

Most firewalls do this, all Cisco, as far as i remember.

Either put a router in front of the ASA and your LAN, or continue using the static routes.

HTH

LR

lee.reade · ‎07-15-2008

Hi,

Well it looks like you can do this now..

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

HTH

LR

jaimewalker · ‎07-15-2008

brilliant - thanks