Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Forward packet on same subnet

In order to accomodate a misbehaving application which ignores the routing table on the host and forwards all packets to the default route, I have a need to allow our 2811 router to accept packets from this system and forward them on the same subnet to our ASA 5510 firewall.

Debugs on the 2811 Router show packets received from this host destined for the firewall dropped with an "access denied" message.

I know that Pix firewalls will not forward packets on the same interface, but I seem to recall having no issues with doing this on IOS routers in the past.

I have tried to allow the router to send back ICMP redirects by enabling "ip redirect" on the interface, while this works it is extremely slow for the host machine causing other problems.

6 REPLIES
Hall of Fame Super Blue

Re: Forward packet on same subnet

Hi

You should be able to redirect packets out of the same interface on a router so could you post the config of the 2811.

Jon

Hall of Fame Super Silver

Re: Forward packet on same subnet

Jon (K)

I agree with Jon (M) that having your router forward packets back out the same interface that were received on should be no issue for the router. Your post talks about access denied and that sounds very much like that there was an access list on the interface. So seeing the router config would be very helpful. It might also be nice if you would post examples of the error message that you are seeing.

HTH

Rick

New Member

Re: Forward packet on same subnet

I had an access list on the outbound inteface that was intended to block traffic from the inside.

It just occurred to me that it would also apply to traffic being bounced off the interface from the outside as well.

Thanks for helping me get back on the right thought train...

Hall of Fame Super Silver

Re: Forward packet on same subnet

Jon

Glad that we were able to help.

HTH

Rick

Hall of Fame Super Gold

Re: Forward packet on same subnet

Really the rating should have higher for the post above that is 100% correct and generous in willing to help by asking for configuration, so I've tried to balance things a bit with my '5'.

Hall of Fame Super Blue

Re: Forward packet on same subnet

Hi Paolo

Many thanks for taking the time to read and rate. Hope to return the favour sometime :)

Jon

166
Views
12
Helpful
6
Replies