ASA packet flow

Unanswered Question
Aug 9th, 2010

Hi everybody,


My question is: I have an ASA5505 as default gateway (192.168.60.101/24), and a CME router in the same network (192.168.60.254/24) which has other subnets behind it, 192.168.61.0/24 (VoIP) & 10.1.10.0/252 (CUE). All my computers have the ASA as default gateway. My problem is, if I try to reach the 192.168.61.0/24 network from any computer, the ASA does not allow it, giving an error like this:


Example for ICMP:

"Deny inbound icmp src inside:192.168.60.13 dst inside:192.168.61.1 (type 8, code 0)"


From the firewall rules, I give access from any inbound to inbound traffic, but it does not work. I know the packet flow is peculiar because it goes out from the same interface that it came in on (inside), but it might be possible, isn't it?


Thanks a lot,


Antonio.

August Ritchie Mon, 08/09/2010 - 11:02

As a note you will want to change your static (inside,inside) to read something like this.

static (inside,inside) 192.168.61.0 192.168.61.0 netmask 255.255.255.0


Then the rest would be the same



same-security-traffic permit intra-interface


global (inside) 1 interface
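
A check built on the syslog line from the question and the three configuration lines suggested in the reply above, added here as an example and not part of the original thread: it recognises a deny whose source and destination sit on the same interface and reports which of those three lines the configuration lacks. The function name `hairpin_gaps` and both samples are constructed, and the 255.255.255.0 mask is an assumption matching the 192.168.61.0/24 subnet.

```python
import ipaddress
import re

# Constructed sample: the syslog line quoted in the question.
SAMPLE_LOG = ('Deny inbound icmp src inside:192.168.60.13 '
              'dst inside:192.168.61.1 (type 8, code 0)')

# Constructed sample config: the three lines from the reply, with the mask
# assumed to be 255.255.255.0 so the static covers 192.168.61.0/24.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
static (inside,inside) 192.168.61.0 192.168.61.0 netmask 255.255.255.0
global (inside) 1 interface
"""

DENY_RE = re.compile(
    r'Deny inbound (?P<proto>\S+) src (?P<sif>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)?'
    r' dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?')
STATIC_RE = re.compile(
    r'^static \((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\) (?P<maddr>\S+) \S+'
    r' netmask (?P<mask>\S+)', re.M)

def hairpin_gaps(log_line, config):
    """Return the hairpin config lines missing for a same-interface deny."""
    m = DENY_RE.search(log_line)
    if not m or m['sif'] != m['dif']:
        return None  # not a deny between two hosts behind one interface
    ifc, dst = m['sif'], ipaddress.ip_address(m['dst'])
    gaps = []
    if 'same-security-traffic permit intra-interface' not in config:
        gaps.append('same-security-traffic permit intra-interface')
    # The static must be (ifc,ifc) and its address/mask must contain dst.
    covered = any(
        s['real'] == s['mapped'] == ifc and
        dst in ipaddress.ip_network(f"{s['maddr']}/{s['mask']}", strict=False)
        for s in STATIC_RE.finditer(config))
    if not covered:
        gaps.append(f'static ({ifc},{ifc}) covering {dst}')
    if not re.search(rf'^global \({re.escape(ifc)}\) \d+ ', config, re.M):
        gaps.append(f'global ({ifc}) <nat-id> interface')
    return gaps
```

A static whose mask is 255.255.255.255 is reported as not covering 192.168.61.1, because that mask matches only the single address 192.168.61.0.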
Kureli Sankar Mon, 08/09/2010 - 12:26

Antonio,

Pls. let the router do the routing.


Make sure all your inside computers have the CME (192.168.60.254) as the gateway. The CME router should have its default gateway pointing to the ASA.


-KS

sistemas.sede Tue, 08/10/2010 - 00:28

Thank you for your quick answers, I will try the different solutions.


Regards.
