Adding route on ASA

Unanswered Question
Oct 16th, 2008
User Badges:


We have one weird requirement it is as follows

1. Our ASA outside subnet is A.B.C.0 /24

2. Our ASA DMZ subnet is : P.Q.R.0 /24

3. Our ASA inside subnet is X.Y.Z.0 /24

with last digit .1 is the ip address of the interface.

Now we have one host from outside subnet hosted in the DMZ region. This is required for Microsoft OCS server for Audio and Video support ( NAT of the IP address is not allowed for Voice/Video). I need to configure this host with A.B.C.11 / 24 ( this is from the outside subnet ) in the DMZ region. We are struck with this problem as we are not able to give default gateway to this host. We plan to give secondary IP address from the DMZ subnet but not sure if this will work. I have done static (dmz,outside) A.B.C.11 A.B.C.11. And have given access from outside interface for full ip just for testing.

How do we configure this host and also ASA so that it will send the traffic to this server and also will receive the traffic from this server.

Any experience please share.

Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hadbou Wed, 10/22/2008 - 10:29
User Badges:
  • Bronze, 100 points or more

configure an available free interface on ASA for same security level as the outside interface. connect the Microsoft OCS server on this interface network. Also permit same-security-traffic by using the command "same-security-traffic inter-interface”. To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode.inter-interface option Permits communication between different interfaces that have the same security level. This setup will work fine so that ASA will send the traffic to this server and also will receive the traffic from this server


This Discussion