Cisco Support Community
New Member

Routing and ASA

Hi,

I would like to use an ASA (7.2) as the DG for clients on a single subnet site. The site does not have a router that I have access to. However, the site also has a dedicated circuit connected to the LAN allowing access to several remote sites. However, I have no control of the router.

I would like to add routes on the inside interface of the ASA directing selected traffic to the router.

However, despite setting same-security-traffic inter-interface, I still have problems. Despite explicitly allowing the traffic, I see the following syslog messages.

106015|LAN_IP|REMOTE_IP|Deny TCP (no connection) from LAN_IP/3422 to REMOTE_IP/80 flags RST on interface Inside

My questions are -

1) Is what I'm trying to do possible?

2) If yes, what do I need to do to enable it?

Cheers

Andy

2 REPLIES
New Member

Re: Routing and ASA

I have been told this is very difficult to do. Supposedly, you can make the ASA route "in and out" of the same interface but it's difficult and not recommended. It's much better to have a router or layer-3 switch internally and have the clients use that as their DG.

Green

Re: Routing and ASA

It is intra-interface, not inter-interface, to allow traffic in and out of the same interface. Inter is for traffic between interfaces with the same security level.
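To see which 106015 denies in a log belong to traffic that would leave through the interface it arrived on (the case the intra-interface setting covers), the following is an added example, not code from the thread or from Cisco. The addresses, the sample log and the `ROUTES_BY_INTERFACE` table are constructed assumptions; the log layout follows the pipe-delimited line quoted in the question.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the pipe-delimited layout quoted in the question.
SAMPLE_LOG = """\
106015|192.168.10.21|10.50.1.8|Deny TCP (no connection) from 192.168.10.21/3422 to 10.50.1.8/80 flags RST on interface Inside
106015|192.168.10.21|10.50.1.8|Deny TCP (no connection) from 192.168.10.21/3423 to 10.50.1.8/80 flags ACK on interface Inside
106015|192.168.10.30|203.0.113.9|Deny TCP (no connection) from 192.168.10.30/4100 to 203.0.113.9/443 flags RST on interface Inside
302013|192.168.10.30|203.0.113.9|Built outbound TCP connection (abbreviated)
"""

# Assumed topology: prefixes the ASA routes back out of each interface.
ROUTES_BY_INTERFACE = {"Inside": [ipaddress.ip_network("10.50.0.0/16")]}

DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>.+?) "
    r"on interface (?P<ifc>\S+)"
)

def parse_106015(text):
    """Yield one dict per 106015 line; other message IDs are skipped."""
    for line in text.splitlines():
        msg_id, _, rest = line.partition("|")
        if msg_id.strip() != "106015":
            continue
        m = DENY_RE.search(rest)
        if m:
            yield m.groupdict()

def same_interface_flows(text, routes=ROUTES_BY_INTERFACE):
    """Count denies whose destination is routed out the ingress interface."""
    hits = Counter()
    for ev in parse_106015(text):
        dst = ipaddress.ip_address(ev["dst"])
        if any(dst in net for net in routes.get(ev["ifc"], [])):
            hits[(ev["src"], ev["dst"], int(ev["dport"]), ev["ifc"])] += 1
    return hits

if __name__ == "__main__":
    for flow, count in same_interface_flows(SAMPLE_LOG).items():
        print(count, flow)
```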
