https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743975#M422219 <P>Hi,</P><P></P><P>I would like to use an ASA (7.2) as the DG for clients on a single subnet site. The site does not have a router that i have access to. However, the site also has dedicated circuit connected to the LAN allowing access to several remote sites. However, i have no control of the router.</P><P></P><P>I would like to add routes on the inside interface of the ASA directing selected traffic to the router.</P><P></P><P>However, despite setting same-security-traffic inter-interface. I still have problems. Despite explicitly allowing the traffic i see the following syslog messages.</P><P></P><P>106015|LAN_IP|REMOTE_IP|Deny TCP (no connection) from LAN_IP/3422 to REMOTE_IP/80 flags RST on interface Inside</P><P></P><P>My questions are - </P><P></P><P>1) Is what im trying to do possible</P><P>2) If yes, what do i need to do to enable it</P><P></P><P>Cheers</P><P></P><P>Andy</P> Fri, 21 Feb 2020 09:31:32 GMT serotonin888 2020-02-21T09:31:32Z https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743975#M422219 <P>Hi,</P><P></P><P>I would like to use an ASA (7.2) as the DG for clients on a single subnet site. The site does not have a router that i have access to. However, the site also has dedicated circuit connected to the LAN allowing access to several remote sites. However, i have no control of the router.</P><P></P><P>I would like to add routes on the inside interface of the ASA directing selected traffic to the router.</P><P></P><P>However, despite setting same-security-traffic inter-interface. I still have problems. Despite explicitly allowing the traffic i see the following syslog messages.</P><P></P><P>106015|LAN_IP|REMOTE_IP|Deny TCP (no connection) from LAN_IP/3422 to REMOTE_IP/80 flags RST on interface Inside</P><P></P><P>My questions are - </P><P></P><P>1) Is what im trying to do possible</P><P>2) If yes, what do i need to do to enable it</P><P></P><P>Cheers</P><P></P><P>Andy</P> Fri, 21 Feb 2020 09:31:32 GMT https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743975#M422219 serotonin888 2020-02-21T09:31:32Z https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743976#M422220 <HTML><HEAD></HEAD><BODY><P>I have been told this is very difficult to do. Supposedly, you can make the ASA route "in and out" of the same interface but it's difficult and not recommended. It's much better to have a router or layer-3 switch internally and have the clients use that as their DG.</P></BODY></HTML> Fri, 18 May 2007 20:14:47 GMT https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743976#M422220 keith_chilek 2007-05-18T20:14:47Z https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743977#M422221 <HTML><HEAD></HEAD><BODY><P>It is intra-interface, not inter-interface to allow traffic in and out of same interface. Inter is for traffic between interfaces with same security level.</P></BODY></HTML> Fri, 18 May 2007 23:20:22 GMT https://community.cisco.com/t5/network-security/routing-and-asa/m-p/743977#M422221 acomiskey 2007-05-18T23:20:22Z