New Member

ASA redirection using (same-security-traffic permit intra)

I've deployed ASA firewalls for different purposes. One is for Internet access and the other is for site-to-site VPN connections. All the internal users' default gw points to the Internet one, and this one contains the specific static route back to the VPN one. The command "same-security-traffic permit intra" is already in place, but the ASA still cannot redirect the traffic to the VPN one for remote site connection. Both ASAs are running 7.2(2).

Please advise

Tony

4 REPLIES
Bronze

Re: ASA redirection using (same-security-traffic permit intra)

Be very specific in your static route statements: for every VPN remote site, you will have to have two static route statements, one to reach the peer's outside network (or IP), and another to reach the internal network of the peer's network...

Have you tried (for troubleshooting purposes) pointing your clients to your Site2Site firewall and verified that it works fine?

Please rate if this helps

New Member

Re: ASA redirection using (same-security-traffic permit intra)

Sure that the VPN one is working properly, because I've set up my laptop pointing to the VPN one as default gw and it can access all the remote sites.

Tony

Bronze

Re: ASA redirection using (same-security-traffic permit intra)

Just follow what I said earlier about having two route inside statements on your internal firewall, one going to the outside address of your peer and another going to the internal subnet of your peer... this should solve your issue...

New Member

Re: ASA redirection using (same-security-traffic permit intra)

My problem is that the ASA firewall cannot redirect the traffic to the VPN one. If I put in a layer-3 switch or router, the problem is solved. I just want to know the purpose of the "same-security-traffic" command; even with the command in place, the application cannot redirect.

Tony
