New Member

ASA5512X DMZ traffic default route

I am working on moving from our ASA5510 to an ASA5512 and am rebuilding the config from scratch as a cleanup. When I put the 5512 into prod, we have a problem with our Sophos Proxy appliance in the DMZ. It cannot get out to the internet; however, users can get to it just fine from the inside and outside. It has one foot in the DMZ (NAT'd) and one foot on the trusted network.


If I look at the ASA logs, I see the traffic from the Sophos DMZ link going to outside IPs, but it is hitting the Inside interface, not the outside interface!!! The default route on the ASA points to the outside and everything else seems to work just fine! If I look at the default route on the Sophos appliance, it shows as pointing to the IP address of the DMZ interface on the ASA.

Put back the 5510 and everything works just fine...

Anyone ever seen this before? What in the world am I missing?




Hall of Fame Super Silver

The picture you attached shows traffic from the DMZ host going to several hosts whose route is via the INSIDE interface according to the ASA's route lookup.

Are the routing commands on the 5512 the same as those on the 5510?

New Member





Finally getting back to this after getting other projects under control and am going to try and get this in prod this weekend.

Yes.  The routing is identical.

I opened a case with TAC this a.m., hoping they can see the problem.

