ASA5510 as default gateway problem

sebastian.yanez · ‎07-21-2009

Hi everybody!

I have an ASA5510 with an "inside" and "outside" topology.

All users at 192.168.1.0/24 network are using the ASA to reach Internet.

Now I have a new router in the inside.

The problem is users cannot reach 192.168.2.0/24 network at the new router.

I was looking for some configuration examples and I found "same-security-traffic permit intra-interface" command. It did not help me at all. Not sure if this command is available only for VPN connections.

I attached the LAN drawing.

Any idea?

Thank you everybody!

andrew.prince · ‎07-22-2009

Sebastian,

You are trying to make the ASA act as a router for the 192.168.2.0/24 network - when you have a perfectly good router to perform that function, my reccomendation is:-

1) Have all servers/desktops iin the 192.168.1.0/24 point to the router as the default gateway.

2) Have a static default route in the router pointing to the ASA for internet traffic.

3) Have a route in the ASA for the 192.168.2.0/24 network pointing to the 192.168.1.2 IP of the router.

This will fix all your issues - and correct your topology.

HTH>

adis · ‎07-22-2009

Thank you very much for your reply.

I was thinking the same answer. Just wanted to know if there was another possibility.

Your solution seems ok for me.

Thanks again!

Sebastian

andrew.prince · ‎07-22-2009

np - glad to help