Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Adding route on ASA


We have one weird requirement it is as follows

1. Our ASA outside subnet is A.B.C.0 /24

2. Our ASA DMZ subnet is : P.Q.R.0 /24

3. Our ASA inside subnet is X.Y.Z.0 /24

with last digit .1 is the ip address of the interface.

Now we have one host from outside subnet hosted in the DMZ region. This is required for Microsoft OCS server for Audio and Video support ( NAT of the IP address is not allowed for Voice/Video). I need to configure this host with A.B.C.11 / 24 ( this is from the outside subnet ) in the DMZ region. We are struck with this problem as we are not able to give default gateway to this host. We plan to give secondary IP address from the DMZ subnet but not sure if this will work. I have done static (dmz,outside) A.B.C.11 A.B.C.11. And have given access from outside interface for full ip just for testing.

How do we configure this host and also ASA so that it will send the traffic to this server and also will receive the traffic from this server.

Any experience please share.

Thanks in advance



Re: Adding route on ASA

configure an available free interface on ASA for same security level as the outside interface. connect the Microsoft OCS server on this interface network. Also permit same-security-traffic by using the command "same-security-traffic inter-interface”. To permit communication between interfaces with equal security levels, or to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode.inter-interface option Permits communication between different interfaces that have the same security level. This setup will work fine so that ASA will send the traffic to this server and also will receive the traffic from this server