https://community.cisco.com/t5/network-security/trying-to-get-asa-s-to-route/m-p/2077066#M395521 <HTML><HEAD></HEAD><BODY><P>Ok. Figured it out. problem is two fold:</P><P></P><P>1. Ensure that the correct license is on the box. I had the base license on the 5505's which mean that I could not use mutiple vlans/sub interfaces.</P><P></P><P>2. The ability for the box to pass traffic from one interface of the same security level to another of the same security level has to be configured using the line: <BR /><BR /></P><P><EM>(config)#same-security-traffic permit intra-interface</EM></P><P></P><P>Then the security policies have to be defined to let specific traffic from the inside and outside defined networks pass. This has to be ammended to include icmp traffic since by default it does not allow it. </P><P></P><P>Whew..Solved it!</P></BODY></HTML> Thu, 15 Nov 2012 16:30:48 GMT joelgooding 2012-11-15T16:30:48Z https://community.cisco.com/t5/network-security/trying-to-get-asa-s-to-route/m-p/2077065#M395520 <P>ok, the situation is that for a customer's WAN solution, instead of buying routers, purchasing department bought ASA's (don't even get me started!). So I have 5 ASA 5505's for the branch offices and one 5510 for the Head Office. I am trying to get them to behave like routers and pass the traffic across. I set up a lab with a 5505 and the 5510 using an ethernet cable for both Outside interfaces since the WAN links are going to be MetroEthernet Layer 2 anyway. </P><P></P><P>I tried static routes, dynamic routing, I followed examples from other persons who did it and it doesn't work. I attached the configs here to show I have the default routes, specific static routes pointing the traffic out, any any rules configured as well. I cannot ping from the internal lan of the 5505 to the internal lan of the 5510. It maybe something silly I am missing or not doing. Can someone please assist? Below is the setup.</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/8/4/0/113048-Capture.JPG" alt="Capture.JPG" class="jive-image-thumbnail jive-image" onclick="" width="450" /></P> Tue, 12 Mar 2019 00:23:52 GMT https://community.cisco.com/t5/network-security/trying-to-get-asa-s-to-route/m-p/2077065#M395520 joelgooding 2019-03-12T00:23:52Z https://community.cisco.com/t5/network-security/trying-to-get-asa-s-to-route/m-p/2077066#M395521 <HTML><HEAD></HEAD><BODY><P>Ok. Figured it out. problem is two fold:</P><P></P><P>1. Ensure that the correct license is on the box. I had the base license on the 5505's which mean that I could not use mutiple vlans/sub interfaces.</P><P></P><P>2. The ability for the box to pass traffic from one interface of the same security level to another of the same security level has to be configured using the line: <BR /><BR /></P><P><EM>(config)#same-security-traffic permit intra-interface</EM></P><P></P><P>Then the security policies have to be defined to let specific traffic from the inside and outside defined networks pass. This has to be ammended to include icmp traffic since by default it does not allow it. </P><P></P><P>Whew..Solved it!</P></BODY></HTML> Thu, 15 Nov 2012 16:30:48 GMT https://community.cisco.com/t5/network-security/trying-to-get-asa-s-to-route/m-p/2077066#M395521 joelgooding 2012-11-15T16:30:48Z