Adding route on ASA

bapatsubodh · ‎10-16-2008

Hi,

We have one weird requirement it is as follows

1. Our ASA outside subnet is A.B.C.0 /24

2. Our ASA DMZ subnet is : P.Q.R.0 /24

3. Our ASA inside subnet is X.Y.Z.0 /24

with last digit .1 is the ip address of the interface.

Now we have one host from outside subnet hosted in the DMZ region. This is required for Microsoft OCS server for Audio and Video support ( NAT of the IP address is not allowed for Voice/Video). I need to configure this host with A.B.C.11 / 24 ( this is from the outside subnet ) in the DMZ region. We are struck with this problem as we are not able to give default gateway to this host. We plan to give secondary IP address from the DMZ subnet but not sure if this will work. I have done static (dmz,outside) A.B.C.11 A.B.C.11. And have given access from outside interface for full ip just for testing.

How do we configure this host and also ASA so that it will send the traffic to this server and also will receive the traffic from this server.

Any experience please share.

Thanks in advance

Subodh

hadbou · ‎10-22-2008

configure an available free interface on ASA for same security level as the outside interface. connect the Microsoft OCS server on this interface network. Also permit same-security-traffic by using the command "same-security-traffic inter-interfaceâ€. To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode.inter-interface option Permits communication between different interfaces that have the same security level. This setup will work fine so that ASA will send the traffic to this server and also will receive the traffic from this server