Unable to access a different network

donnie
Level 1

Hi all. All my office PCs are connected to a Cisco ASA5510 gateway at 192.168.1.254. Recently we bought over a new company and integrated their private LAN with ours. For the initial stage we did not let them use the same private IP. They are using the 192.168.2.0/24 subnet. Their FortiGate gateway has an interface that is connected to our office LAN with the IP 192.168.1.200. If I add the below static route to my firewall, it does not work.

route inside 192.168.2.0 255.255.255.0 192.168.1.200

I have already ensured that the FortiGate firewall is properly configured with the correct static route and firewall policy. When I add the static route on my office PC manually, I can connect to the 192.168.2.0 subnet. My Cisco ASA5510 runs ASA version 7.2(4), hence there should be no hairpinning issue. When I check my ASA firewall log I see "2008-11-06 17:27:00 Local4.Error 192.168.1.254 Nov 06 2008 02:38:38: %ASA-3-106014: Deny inbound icmp src inside:192.168.1.11 dst inside:192.168.2.3 (type 8, code 0)". How do I solve this? Thanks in advance.


Jon Marshall
Hall of Fame

You are right in that the ASA supports hairpinning, but what have you done in your config to set this up?

Jon
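An added example, not part of either post: a small Python parser for the %ASA-3-106014 line quoted in the question, which flags denies where the source and destination interface are the same (the hairpin case the thread is discussing). The function names and the two extra log lines are constructed for illustration.

```python
import re

# Log line exactly as quoted in the question (syslog prefix included).
SAMPLE = ('2008-11-06 17:27:00 Local4.Error 192.168.1.254 Nov 06 2008 02:38:38: '
          '%ASA-3-106014: Deny inbound icmp src inside:192.168.1.11 '
          'dst inside:192.168.2.3 (type 8, code 0)')

# Constructed lines for contrast: a deny between two interfaces and an unrelated line.
LINES = [
    SAMPLE,
    'Nov 06 2008 02:40:10: %ASA-3-106014: Deny inbound icmp '
    'src outside:203.0.113.9 dst inside:192.168.1.11 (type 8, code 0)',
    'Nov 06 2008 02:41:00: constructed line that is not a 106014 message',
]

DENY_106014 = re.compile(
    r'%ASA-3-106014: Deny inbound icmp '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>\S+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\S+) '
    r'\(type (?P<type>\d+), code (?P<code>\d+)\)'
)

def parse_106014(line):
    """Return the fields of a 106014 ICMP deny, or None for any other line."""
    m = DENY_106014.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec['type'] = int(rec['type'])
    rec['code'] = int(rec['code'])
    # Same ingress and egress interface means the packet had to hairpin.
    # On an ASA that path is governed by `same-security-traffic permit
    # intra-interface` (a command not quoted anywhere in the thread).
    rec['hairpin'] = rec['src_if'] == rec['dst_if']
    return rec

def hairpin_denies(lines):
    """List (interface, src_ip, dst_ip) for denies that stayed on one interface."""
    hits = []
    for line in lines:
        rec = parse_106014(line)
        if rec and rec['hairpin']:
            hits.append((rec['src_if'], rec['src_ip'], rec['dst_ip']))
    return hits

if __name__ == '__main__':
    for hit in hairpin_denies(LINES):
        print('hairpin deny on %s: %s -> %s' % hit)
```

Run against the poster's line, it reports one hairpin deny on `inside` from 192.168.1.11 to 192.168.2.3, an ICMP type 8 (echo request) that entered and would have left on the same interface.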
