07-15-2008 03:07 AM - edited 03-06-2019 12:11 AM
Hi,
I have an ASA 5510 (192.168.123.254) that is my default gateway on my LAN (192.168.123.0). I also have a PIX (192.168.123.253) on my LAN that has a VPN established to another site that has a 192.168.11.0 network. My servers on the 192.168.123.0 network need to be able to communicate with the 192.168.11.0 network. I am currently using static routes on the servers to enable this (and it works fine) but I do not want to continue doing this. The inside port on the ASA is called PRG_LAN so I have added the command: route PRG_LAN 192.168.11.0 255.255.255.0 192.168.123.253 1 to the ASA but when I remove the static route on the servers they cannot ping 192.168.11.63 as they could before. I thought the above static route would enable this. Any advice would be very welcome.
TIA,
Jaime
07-15-2008 03:30 AM
Hi,
This is called hair-pinning; basically, firewalls will not send incoming traffic back out the same interface it came in on.
Most firewalls do this, all Cisco, as far as I remember.
Either put a router in front of the ASA and your LAN, or continue using the static routes.
HTH
LR
07-15-2008 03:32 AM
Hi,
Well it looks like you can do this now..
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
HTH
LR
07-15-2008 05:15 AM
brilliant - thanks