Cisco ASA - Forwarding specific traffic to LAN router
There is a scenario where a Cisco ASA is connected on a LAN with hosts on the LAN having the ASA's inside interface (10.10.10.100) as default gateway.
A router (10.10.10.20) is also connected to the LAN and is not in-line with the Cisco ASA (out-of-path).
The hosts need to connect to a specific destination (192.168.1.0/24) through the router and therefore the ASA firewall should forward this specific destination traffic back on its inside interface to the router.
Please see the attached topology.
I understand that both the ASA and the router can be configured to achieve this through the use of network routes, NAT, same-security-traffic permit intra-interface, ACLs, class-maps, PBR, ...
Do you want to firewall the traffic before it gets to the router?
If not, you can do just a regular "route inside 192.168.1.0 255.255.255.0 10.10.10.20" and the ASA should forward this traffic to the router if it receives it on the inside interface. You need to add "same-security-traffic permit intra-interface" to get this working.
Not sure if you can use PBR or something like that to get it going; it'd be almost better to forward all the traffic to the router and then have the router send ICMP redirects. Depends on how much traffic is flowing, though.
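A fuller ASA configuration for the scenario in the question, written here as an added example rather than taken from the thread. The interface name, security level and the names of the ACL, class-map and policy-map are assumed; the addresses are the ones given above. It also adds one caveat the thread does not spell out: because the router sits on the same LAN as the hosts, return traffic never passes the ASA, so the flow is asymmetric from the firewall's point of view.

```cisco
! Added example (not from the thread). Inside interface name and security
! level are assumed; 10.10.10.100, 10.10.10.20 and 192.168.1.0/24 are from
! the question.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.100 255.255.255.0
!
! Without this the ASA drops traffic that enters and leaves the same
! interface, so the hairpin toward the router never happens.
same-security-traffic permit intra-interface
!
! Static route: send 192.168.1.0/24 back out the inside interface to the
! out-of-path router.
route inside 192.168.1.0 255.255.255.0 10.10.10.20 1
!
! Caveat (assumed from the topology): the router answers the hosts directly
! on the LAN, so the ASA sees only the host-to-router half of each flow.
! The ASA's TCP normalizer then drops the hosts' later packets as
! out-of-state. TCP state bypass turns that check off for these flows only;
! it also disables TCP inspection for them, so keep the match as narrow as
! the destination allows.
access-list HAIRPIN-192-168-1 extended permit tcp 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
!
class-map HAIRPIN-CLASS
 match access-list HAIRPIN-192-168-1
!
policy-map inside-policy
 class HAIRPIN-CLASS
  set connection advanced-options tcp-state-bypass
!
service-policy inside-policy interface inside
!
! Verification (constructed sample host 10.10.10.50 and destination
! 192.168.1.10): the route must point at 10.10.10.20 and the trace must
! show egress on inside with an ALLOW result.
! show route
! packet-tracer input inside tcp 10.10.10.50 12345 192.168.1.10 80
```

If an interface ACL is applied on inside with access-group, the hairpinned traffic must also be permitted there, since the route alone does not bypass the interface ACL.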