Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA packet flow

Hi everybody,

My question is: I have an ASA5505 as default gateway (, and a CME router in the same network ( which has others subnets behind, (VoIP) & (CUE). All my computers has the ASA as default gateway. My problem is, If I try to reach from any computer to the network, the ASA does not allow giving an error like this:

Example for ICMP:

"Deny inbound icmp src inside: dst inside: (type 8, code 0)"

From the firewall rules, I give access from any inbound to inbound traffic, but does not work. I know the packet flow is peculiar because it goes out from the same interface that it came (inside), but it might be possible, isn't' it?

Thanks a lot,


New Member

Re: ASA packet flow


This problem is due to the fact that you need to hairpin the traffic back through the inside interface. The ASA doesn't allow u-turning traffic by default, but this document should show you how.

New Member

Re: ASA packet flow

As a note you will want to change you static (inside,inside) to read something like this.

static (inside,inside) netmask

Then the rest would be the same

same-security-traffic permit intra-interface

global (inside) 1 interface

Cisco Employee

Re: ASA packet flow


Pls. let the router do the routing.

Make sure all your inside computers have the CME( as the gateway.  The CME router should have its default gateway pointing to the ASA.


New Member

Re: ASA packet flow

Thank you for your quick answers, I will try the differents solutions.


CreatePlease login to create content