I am kinda new to firewalls and what I'm trying to do is the following:
One subnet for everything, ASA 5520 INSIDE 192.168.0.241 > 3560 192.168.0.240 > Several 2950 on 192.168.0.x
ASA 5520 INSIDE 192.168.0.241 >>> 3560 192.168.0.240/2.1/5.1 (IP ROUTING enabled) >TRUNK> 2950 with 192.168.5.10 and a client with 192.168.2.100
-ASA 5520 > 3560 > Several 2950 (some in different subnets)
-I added subnets 192.168.2.x and .5.x (VLAN 2/5, with IPs of .1) to the 3560, which is trunked with a 2950 that runs those 2 subnets.
-Everything in the 192.168.0.x subnet has as default gateway the ASA Inside interface (0.241).
-The new 2950 / Client have as default gateway the 3560 (5.1 and client 2.1).
-3560 has an ip route 0.0.0.0 0.0.0.0 192.168.0.241
-ASA has ip routes to 192.168.2.0 > 192.168.0.240 and 192.168.5.0 > 192.168.0.240 (which is the IP of the 3560).
I can access the internet fine (added PAT) but I cannot ping from a host in the 0.x to the 2.x etc. From the 2.100 client I can only ping the 3560 / ASA / internet but not a single other 0.x address on the network.
Now someone told me that I cannot route traffic back on the same interface as it goes out on, but I don't think this is true. He suggested I change all my default gateways to the 3560 IP address and yes, this will probably solve it and might be the best solution, but I got curious now.
-I have an inside ACL that says from any source to any less secured network. Can anyone tell me if putting this to any any will solve my problems?
-Even if this works, should I still consider changing all my default gateways to the 3560 instead of the firewall?
-Or should I consider doing the inter-VLAN routing on the firewall instead of the 3560?
I hope it's a bit clear and if not please let me know.
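The topology the post describes, written out as Cisco IOS (3560) and ASA configuration. This is an added example, not configuration taken from the poster; the addresses, VLANs and routes are the ones given in the post, while the interface names (Vlan1/2/5 and FastEthernet0/24 on the 3560, GigabitEthernet0/1 on the ASA) and the ACL name inside_access_in are assumptions.

```cisco
! ---------- 3560 (IOS), layer-3 switch doing the inter-VLAN routing ----------
ip routing
!
interface Vlan1
 description 192.168.0.x management/server subnet (assumed VLAN number)
 ip address 192.168.0.240 255.255.255.0
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
!
interface FastEthernet0/24
 description assumed trunk port towards the 2950 carrying VLANs 2 and 5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Default route towards the ASA inside interface, as in the post
ip route 0.0.0.0 0.0.0.0 192.168.0.241

! ---------- ASA 5520 ----------
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.241 255.255.255.0
!
! Static routes for the two new subnets, next hop is the 3560 (as in the post)
route inside 192.168.2.0 255.255.255.0 192.168.0.240 1
route inside 192.168.5.0 255.255.255.0 192.168.0.240 1
!
! Without this line the ASA drops any packet that would enter and leave the
! same interface (inside -> inside hairpin), which is exactly what happens
! when a 0.x host sends 2.x/5.x traffic to the ASA as its default gateway.
same-security-traffic permit intra-interface
!
! The inbound ACL on inside also has to permit the hairpinned traffic; an
! "any to any less secure network" rule does not match inside-to-inside.
! Constructed example, explicitly limited to the two internal subnets.
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
```

Two things to check against this layout. First, the `same-security-traffic permit intra-interface` line is the piece that the "cannot route traffic back on the same interface" remark refers to: the ASA refuses the hairpin by default, so changing the ACL alone does not help. Second, even with the hairpin permitted the path is asymmetric: a 0.x host sends to the ASA, the ASA forwards to the 3560, but the 3560 delivers the reply to the 0.x host directly because 192.168.0.0/24 is a connected network, so the ASA only ever sees one direction of each connection. ICMP may work that way, stateful inspection of TCP does not, and that asymmetry is the usual reason for either moving the 0.x default gateway to the 3560 or routing between the VLANs on the ASA itself, which are the last two options the post raises.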