ASA packet flow

Unanswered Question
Aug 9th, 2010

Hi everybody,


My question is: I have an ASA5505 as default gateway (192.168.60.101/24), and a CME router in the same network (192.168.60.254/24) which has other subnets behind it, 192.168.61.0/24 (VoIP) & 10.1.10.0/252 (CUE). All my computers have the ASA as default gateway. My problem is that if I try to reach the 192.168.61.0/24 network from any computer, the ASA does not allow it, giving an error like this:


Example for ICMP:

"Deny inbound icmp src inside:192.168.60.13 dst inside:192.168.61.1 (type 8, code 0)"


In the firewall rules, I give access for any inbound to inbound traffic, but it does not work. I know the packet flow is peculiar because it goes out from the same interface that it came in on (inside), but it might be possible, isn't it?


Thanks a lot,


Antonio.

August Ritchie Mon, 08/09/2010 - 11:02

As a note, you will want to change your static (inside,inside) to read something like this:

static (inside,inside) 192.168.61.0 192.168.61.0 netmask 255.255.255.0

Then the rest would be the same:

same-security-traffic permit intra-interface
global (inside) 1 interface

Kureli Sankar Mon, 08/09/2010 - 12:26

Antonio,

Pls. let the router do the routing.

Make sure all your inside computers have the CME (192.168.60.254) as the gateway. The CME router should have its default gateway pointing to the ASA.


-KS

sistemas.sede Tue, 08/10/2010 - 00:28

Thank you for your quick answers, I will try the different solutions.


Regards.
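
Added example, not part of any post in this thread: a small Python log check that finds the pattern from the question, "Deny inbound" ICMP messages where the source and destination interface are the same and the destination lies outside the local subnet, and groups them by destination network. The function name, the /24 grouping and every sample line except the first are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# ICMP form of the "Deny inbound" message quoted in the question.
DENY_ICMP = re.compile(
    r"Deny inbound icmp src (?P<sif>[^:\s]+):(?P<sip>[\d.]+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+) \(type (?P<type>\d+), code (?P<code>\d+)\)"
)

def hairpin_denies(lines, local_net, group_prefix=24):
    """Count denied flows that enter and would leave on the same interface.

    Only flows from local_net to an address outside it are counted, i.e.
    hosts using the firewall as gateway for a subnet that sits behind
    another router on the same segment. Keys are (interface, dst network);
    grouping destinations by /24 is an assumption of this example.
    """
    local = ipaddress.ip_network(local_net)
    hits = Counter()
    for line in lines:
        m = DENY_ICMP.search(line)
        if not m or m["sif"] != m["dif"]:
            continue  # not a deny line, or not a same-interface flow
        try:
            src = ipaddress.ip_address(m["sip"])
            dst = ipaddress.ip_address(m["dip"])
        except ValueError:
            continue  # malformed address in the log line
        if src in local and dst not in local:
            net = ipaddress.ip_network(f"{dst}/{group_prefix}", strict=False)
            hits[(m["sif"], str(net))] += 1
    return hits

# First line is the one quoted in the question; the rest are constructed.
SAMPLE_LOG = [
    "Deny inbound icmp src inside:192.168.60.13 dst inside:192.168.61.1 (type 8, code 0)",
    "Deny inbound icmp src inside:192.168.60.27 dst inside:192.168.61.10 (type 8, code 0)",
    "Deny inbound icmp src inside:192.168.60.13 dst inside:10.1.10.2 (type 8, code 0)",
    "Deny inbound icmp src outside:203.0.113.9 dst inside:192.168.60.13 (type 8, code 0)",
    "constructed unrelated log line",
]

if __name__ == "__main__":
    for (ifname, net), n in sorted(hairpin_denies(SAMPLE_LOG, "192.168.60.0/24").items()):
        print(f"{n} denied same-interface flow(s) on '{ifname}' towards {net}")
```

Each network reported is a candidate for either fix discussed in the thread: permitting intra-interface traffic on the ASA, or making the CME router the hosts' gateway.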
