I have an ASA 5505 base model and I'm having problems with a static route. The inside network is 192.168.168.0/24; the inside interface is 192.168.168.1. There is a second gateway in the network at 192.168.168.101. I need any traffic destined for the subnet 10.0.0.0/8 to go to the 101 gateway. All machines use the ASA (192.168.168.1) as their gateway. I have 2 routes in the ASA:
route outside 0.0.0.0 0.0.0.0 184.108.40.206 1
route inside 10.0.0.0 255.0.0.0 192.168.168.101 1
All machines are able to get on the internet, but none can reach the 10 network. When I try to ping the 10 network I get the following error:
Since you are running 8.2.1, there should have been an ICMP redirect by the ASA, and a route should be automatically injected on the client workstation for subnet 10.0.0.0 mask 255.0.0.0 GW 192.168.168.101. Sometimes a PC can ignore ICMP redirect packets because of a firewall on the PC or HIPS; in that case a packet will come to the firewall, the firewall will forward the packet to 192.168.168.101, and then the reply will directly reach the PC. This should all be fine as long as ICMP or UDP is used; however, for TCP-based traffic we need to have a TCP state bypass.
In your case, the PC has its default gateway set to the firewall, so the first segment with the SYN flag will reach the firewall and the firewall will forward it to 192.168.168.101. However, a segment with the SYN and ACK flags set will directly reach the PC from 192.168.168.101, as it will have the MAC address of the host resolved via ARP; so the next segment from the PC with the ACK flag set coming to the ASA will be dropped, as there was no SYN-ACK seen by the ASA. More details of feature can be found at
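The TCP state bypass the answer refers to, as an added configuration sketch that is not part of the original reply: it exempts TCP flows from the inside subnet to 10.0.0.0/8 from ASA state tracking, so the ACK that follows an unseen SYN-ACK is not dropped. The object names (TCP_BYPASS, TCP_BYPASS_CLASS, TCP_BYPASS_POLICY) are hypothetical, the subnets are taken from the question, and the `same-security-traffic` line is an assumption about what this same-interface hairpin needs.

```cisco
! Assumption: allow traffic to enter and leave the same (inside) interface
same-security-traffic permit intra-interface
!
! Match only the asymmetric flows: inside hosts -> 10.0.0.0/8, TCP only
access-list TCP_BYPASS extended permit tcp 192.168.168.0 255.255.255.0 10.0.0.0 255.0.0.0
!
class-map TCP_BYPASS_CLASS
 match access-list TCP_BYPASS
!
! Skip TCP state tracking for the matched class
policy-map TCP_BYPASS_POLICY
 class TCP_BYPASS_CLASS
  set connection advanced-options tcp-state-bypass
!
! Apply on the interface where the one-sided traffic arrives
service-policy TCP_BYPASS_POLICY interface inside
```

Flows matched by this class are no longer statefully inspected by the ASA, so keep the access list as narrow as the asymmetric path requires.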