Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Passing traffic from outside -> outside1 and outside interface on ASA 5520

Is it possible to pass traffic from an  Avaya PBX -> ASA5520 on outside (security level 100) and outside1 (security level 100) to another ASA 5520 on an outside interface (security 100) and then internally to voice vlan. See diagram for better understanding. Is this possible anything to look out for? I will be using static routes

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: Passing traffic from outside -> outside1 and outside interfa

I don't see a reason why it wouldn't.

A couple of things to be aware off:

- For traffic between same security level, you would need to turn on "same-security-traffic permit inter-interface"

- As you have mentioned, you will be configuring static routes on all interfaces, that would be the way to go as you can't have 2 default gateways pointing towards 2 outside interfaces.

- I am also assuming that you will not be NATing the voice traffic, and the left hand side ASA has inside interface of security level of 100 as well, then you can either disable nat-control, or configure NAT exemption.

Hope that helps.

2 REPLIES
Super Bronze

Re: Passing traffic from outside -> outside1 and outside interfa

I don't see a reason why it wouldn't.

A couple of things to be aware off:

- For traffic between same security level, you would need to turn on "same-security-traffic permit inter-interface"

- As you have mentioned, you will be configuring static routes on all interfaces, that would be the way to go as you can't have 2 default gateways pointing towards 2 outside interfaces.

- I am also assuming that you will not be NATing the voice traffic, and the left hand side ASA has inside interface of security level of 100 as well, then you can either disable nat-control, or configure NAT exemption.

Hope that helps.

New Member

Re: Passing traffic from outside -> outside1 and outside interfa

Thank you very much for you answer was very helpful

194
Views
0
Helpful
2
Replies