ASA 5510 - ICMP Redirect on outside interface

akirkby
Level 1

I have an ASA '1' connected to an external subnet 'B' - this ASA is the default gateway for this subnet 'B'. I also have a second ASA '2' (inside on subnet 'B', outside on subnet 'C') connected to this subnet with a connection to subnet 'C'.

All devices on subnet 'B' have a default gateway of ASA 1; ASA 1 also has a static route pointing to subnet 'C' via ASA 2. Currently ASA 2 has 'any/any' rules on both the inside and outside interfaces. I can ping from a host on subnet B to subnet C, however I cannot RDP from subnet B to subnet C. I can RDP and ping from subnet C to B. No 'Deny' entries are being seen in either of the ASA logs, so it looks like the ACLs are OK. Neither of the ASAs is NATing - only routing.

I have enabled ICMP on the outside interface of ASA 1.

3 Replies

akirkby
Level 1

I have attached a diagram to illustrate the problem -

On ASA1, make sure you have the following command in your config:

same-security-traffic permit intra-interface

...if you already do, please post your configs.

This has already been done :-(

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface
