Cisco Support Community

ASA ACL for new Route

Hi,

 

We have an ASA 5505 set up at a client site and have just installed a new VoIP system. The phones/telco server are on VLAN200 at 10.20.6.0/24, computers on VLAN1 at 172.20.6.0/24.

 

We need to be able to route traffic from VLAN1 to VLAN200. I went ahead and added a static route for all phone network traffic to hit .254 (phone server) as gateway to the telco network:


route inside 10.20.6.0 255.255.255.0 172.20.6.254 1

 

I am having trouble getting the proper ACL in place to support this; currently any traffic from VLAN1 to VLAN200 is getting denied:

%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)

 

Any help in putting together the ACLs for this would be greatly appreciated!

 

Thanks!

 


 

3 REPLIES
Hall of Fame Super Gold

I am not sure that this is really an ACL issue. It looks like the traffic arrives on interface inside and should forward out interface inside. By default the ASA does not want to forward traffic out the same interface that it arrived on. Try this command and see if things work better:

same-security-traffic permit intra-interface

 

HTH

 

Rick
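
The following Python check is an added example, not part of Rick's reply or the original thread. It separates 106014 denies whose source and destination interface are the same (the same-interface case described above) from the rest, and reports whether the configuration text contains the intra-interface command. The function names, verdict labels, the second log line and the config fragments are constructed for the example.

```python
import re

# ICMP form of syslog 106014, as shown in the question.
DENY_RE = re.compile(
    r"%ASA-3-106014: Deny inbound icmp "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\S+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\S+)"
)
HAIRPIN_CMD = "same-security-traffic permit intra-interface"

# First line is from the thread; the second is constructed for contrast.
SAMPLE_LOG = [
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:203.0.113.5 dst inside:172.20.6.10 (type 8, code 0)",
]
# Constructed config fragments: the route from the thread, without and with the fix.
CONFIG_BEFORE = "route inside 10.20.6.0 255.255.255.0 172.20.6.254 1\n"
CONFIG_AFTER = CONFIG_BEFORE + HAIRPIN_CMD + "\n"


def hairpin_enabled(config_text):
    """True if the config contains the intra-interface permit command."""
    return any(l.strip() == HAIRPIN_CMD for l in config_text.splitlines())


def classify_denies(log_lines, config_text):
    """Return (src_ip, dst_ip, ingress_if, verdict) for each 106014 line."""
    enabled = hairpin_enabled(config_text)
    findings = []
    for line in log_lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ICMP 106014 message
        if m["src_if"] != m["dst_if"]:
            verdict = "different-interfaces"        # not the same-interface case
        elif not enabled:
            verdict = "hairpin-blocked"             # same interface, command absent
        else:
            verdict = "same-interface-other-cause"  # command present, look elsewhere
        findings.append((m["src_ip"], m["dst_ip"], m["src_if"], verdict))
    return findings


if __name__ == "__main__":
    for cfg in (CONFIG_BEFORE, CONFIG_AFTER):
        for finding in classify_denies(SAMPLE_LOG, cfg):
            print(finding)
```
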

New Member

Hey Rich,

You are the best, that was it.  Was driving me nuts!

Have a great weekend!

Regards,

Jon

Hall of Fame Super Gold

Jon

 

I am glad that my suggestion did turn out to solve your problem. Thanks for posting back to the forum to confirm that this was the issue.

 

HTH

 

Rick
