I have a Cisco ASA 5510 whose inside interface has an IP of 192.168.5.1. I have a PC with the IP of 192.168.5.2 that uses gateway 192.168.5.1. I need the ASA firewall to be able to route traffic from the PC for certain networks (e.g. 192.168.6.0/24 and 192.168.7.0/24) to a router 192.168.5.3. I have configured the appropriate static route on the ASA and have enabled hairpinning using "same-security-traffic permit intra-interface" (so that traffic can enter and exit the same interface), but the routing fails to work. What other config is required? Please advise, thanks in advance.
If you are running a pre-8.2 image on the ASA, please try the following:
global (inside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 <-- This line may already be there
If you are running 8.2 or higher code version, then:
access-list bypass permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list bypass permit ip 192.168.5.0 255.255.255.0 192.168.7.0 255.255.255.0
! the class-map name below is an assumed placeholder
class-map bypass_class
 match access-list bypass
policy-map inside_policy
 class bypass_class
  set connection advanced-options tcp-state-bypass
service-policy inside_policy interface inside
This will ensure that the firewall supports asymmetric routing. In the first option, only 192.168.5.x is allowed to initiate the connection while the second one will work for bidirectional connections.
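Added example, not part of the thread: a simplified Python model (not the ASA's actual implementation) of why the hairpinned TCP handshake fails under normal stateful inspection and why each of the two options above lets it complete. The mode names and the three-step state table are assumptions made for illustration.

```python
# Simplified model of the flow in this thread (constructed example, not ASA code).
ASA, PC, ROUTER = "192.168.5.1", "192.168.5.2", "192.168.5.3"
EXPECTED = {None: "SYN", "SYN": "SYN-ACK", "SYN-ACK": "ACK"}

def handshake(mode):
    """Run the PC -> 192.168.6.x TCP handshake. mode is 'stateful',
    'interface-pat' (pre-8.2 option) or 'tcp-state-bypass' (8.2+ option).
    Returns (completed, trace)."""
    state, trace = None, []

    def asa_sees(flag):
        nonlocal state
        if mode == "tcp-state-bypass":
            trace.append(f"ASA forwards {flag} without a state check")
            return True
        if flag != EXPECTED[state]:
            trace.append(f"ASA drops {flag}: expected {EXPECTED[state]}")
            return False
        state = flag
        trace.append(f"ASA forwards {flag}")
        return True

    # 1. SYN: the PC's gateway is the ASA, which hairpins it to the router.
    if not asa_sees("SYN"):
        return False, trace
    # With "global (inside) 1 interface" the router sees the ASA as the source.
    reply_dst = ASA if mode == "interface-pat" else PC
    # 2. SYN-ACK: the router shares the subnet with both hosts, so it delivers
    #    the reply straight to whichever address the SYN came from.
    if reply_dst == ASA:
        if not asa_sees("SYN-ACK"):
            return False, trace
    else:
        trace.append(f"{ROUTER} delivers SYN-ACK directly to {PC}; ASA never sees it")
    # 3. ACK: the PC again sends via its gateway, the ASA.
    return asa_sees("ACK"), trace

if __name__ == "__main__":
    for mode in ("stateful", "interface-pat", "tcp-state-bypass"):
        ok, trace = handshake(mode)
        print(f"{mode}: {'established' if ok else 'FAILED'}")
        for line in trace:
            print("   ", line)
```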
What software version is the ASA 5510 running? If it is running 7.0 or 7.1, the command "same-security-traffic permit intra-interface" applies to IPSec traffic only. This command applies to all traffic in software version 7.2 and later.