Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Route redirecting

I'm having an issue with an ASA 5505 not redirecting packets that enter it's inside interface to be redirected back out it's inside interface to a second network.

The way it's currently setup is that the ASA has it's inside interface at it then connects to a Linksys switch which has workstations connecting to it. The workstations have their default gateway pointed to the .1 address. The Linksys however also connects to a Cisco 3550 which is part of a network. I have carved out a port on the 3550 and given it an IP in the address space. From here I added an OSPF route to on the 3550 which is configured for routing. Then on the ASA I added a route for From any workstation inside the network I can ping the firewall at but not any workstation. From the workstations on the network I can ping the address of the port on the Cisco 3550 but not the switch itself or anything in the network. Any suggestions on how to make this work would be great thanks.

Hall of Fame Super Blue

Re: Route redirecting


What version of code is your ASA running. Prior to v7.2 it did not support hairpinning of unencrypted traffic which is the ability to route traffic back out the same interface it came in on. This sounds like your problem. I think your 192.168.2.x clients when pinging the address on the 3550 are not going via the ASA but when they try to ping anything in network they are.

Check version of ASA and if above v7.2 you need to enable hairpinning.

Another solution which would work is to move to the 3550 and have that responsible for the routing. Then have a default-route on the 3550 pointing to the ASA. This is only a solution if you do not need/want to firewalll traffic between 192.168.2.x and networks.



New Member

Re: Route redirecting

The version of code on the ASA is 7.2. I enabled hairpinning by using the global command same-security-traffic permit intra-interface . However, I am still have the same issue, is their another way to enable hairpinning that I am missing? Again thanks for the help.

New Member

Re: Route redirecting

If you moved to the 3550, what would the IP of the interface on the ASA's inside interface become?