Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Route via another PIX

Hi,

I have an ASA 5510 (192.168.123.254) that is my default gateway on my LAN (192.168.123.0). I also have a PIX (192.168.123.253) on my LAN that has a VPN established to another site that has a 192.168.11.0 network. My servers on the 192.168.123.0 network need to be able to communicate with the 192.168.11.0 network. I am currently using staic routes on the servers to enable this (and it works fine) but I do not want to continue doing this. The inside port on the ASA is called PRG_LAN so I have added the command: route PRG_LAN 192.168.11.0 255.255.255.0 192.168.123.253 1 to the ASA but when I remove the static route on the servers they cannot ping 192.168.11.63 as the could before. I thought the above static route would enable this. Any advise would be very welcome.

TIA,

Jaime

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Route via another PIX

3 REPLIES
Silver

Re: Route via another PIX

Hi,

This is called hair-pinning, basically firewalls will not send incoming traffic back out the same interface as it came in on.

Most firewalls do this, all Cisco, as far as i remember.

Either put a router in front of the ASA and your LAN, or continue using the static routes.

HTH

LR

Silver

Re: Route via another PIX

New Member

Re: Route via another PIX

brilliant - thanks

159
Views
0
Helpful
3
Replies