Cisco Support Community
ASA 5500: Traffic redirection to a host on the same subnet

Hi all,

I have an ASA 5515 and this is my network layout:

Diagram.jpg

If I try to say that external networks are reachable through the 1.250, clients of the 1.0 are able to communicate with other networks. The 1.250 is a Linux box with a static route to the 1.1 for external networks.

If I tell the ASA that those networks are reachable through 1.1, the host can ping external hosts but any connection (rdp, vnc, etc.) is interrupted.

In the ASA I set:

same-security-traffic permit intra-interface

Both the 1.1 and 1.250 are on the same network segment.

Here is the log during a VNC connection:

  • Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
  • Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
  • Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST  on interface Internal
1 REPLY


Hello Salvatore,

What version are you running?

Please paste the configuration of your ASA and the following output:

packet-tracer input inside tcp host 192.168.1.34 1025 192.168.89.10 3389

Regards,

Rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
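
For readers triaging the same symptom, the three log lines quoted in the question can be correlated per flow. This is an added example, not code from the thread or from Cisco; the function names and the matching criteria (same interface on both sides, 0 bytes, a later "no connection" deny) are assumptions chosen to fit those lines as they appear on this page.

```python
import re
from collections import defaultdict

# Log lines as quoted in the question above (bullet markers removed).
SAMPLE = """\
Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST  on interface Internal
"""

EP = r"[\d.]+/\d+"  # address/port as printed in the messages
BUILT = re.compile(
    rf"Built (?:inbound|outbound) TCP connection (?P<id>\d+) for "
    rf"(?P<sif>[^:\s]+):(?P<src>{EP}) \([^)]*\) to (?P<dif>[^:\s]+):(?P<dst>{EP})")
TEARDOWN = re.compile(
    rf"Teardown TCP connection (?P<id>\d+) for [^:\s]+:(?P<src>{EP}) to "
    rf"[^:\s]+:(?P<dst>{EP}) duration \S+ bytes (?P<bytes>\d+) (?P<reason>.+)")
DENY = re.compile(
    rf"Deny TCP \(no connection\) from (?P<src>{EP}) to (?P<dst>{EP}) "
    rf"flags (?P<flags>.+?)\s+on interface (?P<intf>\S+)")

def correlate(lines):
    """Group Built / Teardown / Deny messages by (source, destination) flow."""
    flows = defaultdict(lambda: {"built": False, "same_interface": False,
                                 "bytes": None, "reason": None, "orphans": []})
    for line in lines:
        if m := BUILT.search(line):
            flow = flows[(m["src"], m["dst"])]
            flow["built"] = True
            flow["same_interface"] = m["sif"] == m["dif"]
        elif m := TEARDOWN.search(line):
            flow = flows[(m["src"], m["dst"])]
            flow["bytes"], flow["reason"] = int(m["bytes"]), m["reason"].strip()
        elif m := DENY.search(line):
            key = (m["src"], m["dst"])
            # A stateless packet may be logged in the reverse direction of the flow.
            if key not in flows and (m["dst"], m["src"]) in flows:
                key = (m["dst"], m["src"])
            flows[key]["orphans"].append(m["flags"].strip())
    return dict(flows)

def hairpin_resets(flows):
    """Flows built in and out of one interface, closed with 0 bytes,
    then followed by packets the firewall no longer had state for."""
    return [key for key, f in flows.items()
            if f["built"] and f["same_interface"] and f["bytes"] == 0 and f["orphans"]]

if __name__ == "__main__":
    print(hairpin_resets(correlate(SAMPLE.splitlines())))
```
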