https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661833#M560509 <HTML><HEAD></HEAD><BODY><P>Yes, correct but can someone tell me what is a use of this commands in details and when i turned on this commands then I need to make a access list on outside interface of firewall to allow the traffic from our router IP Address IP to any traffic then the communication works where I am confused, why?</P></BODY></HTML> Thu, 16 Jun 2011 19:36:22 GMT ray_stone 2011-06-16T19:36:22Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661830#M560506 <P>Hello Experts:</P><P></P><P>We have one ASA and one router conected with unmanaged switch and the same switch is connected with ISP router. The ISP router, our router and ASA outside interface has Public IP Address configured as follow:</P><P></P><P>1)&nbsp; ASA outide : 1.1.1.1/24</P><P>2) Our Router&nbsp; : 1.1.1.2/24</P><P>3) ISP router&nbsp;&nbsp; : 1.1.1.3/24</P><P></P><P>Our router, the route is added to point the firewall IP 1.1.1.1 and on ASA a route is added of ISP router 1.1.1.3. Now traffic should go like that---- our router ---- ASA----- ISP router.</P><P></P><P>There is a STS tunnel created on our router with external partner which traffic i can see hitting on ASA firewall but it's being denied "1.1.1.2 upd/500 and destination is external partner IP Address, outside interface"</P><P></P><P>Now we want that ASA bypass the traffic of our router to ISP router which is not being done and your help is required.</P><P></P><P>Please help!</P> Mon, 11 Mar 2019 20:46:25 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661830#M560506 ray_stone 2019-03-11T20:46:25Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661831#M560507 <HTML><HEAD></HEAD><BODY><P> Hello,</P><P></P><P>Iam not much familiar with this kind of setup, but on ASA make sure 'same-security permit intra-interface &amp; same-security permit inter-interface'&nbsp; enabled.</P><P></P><P>hth</P><P>MS</P></BODY></HTML> Thu, 16 Jun 2011 19:19:34 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661831#M560507 mvsheik123 2011-06-16T19:19:34Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661832#M560508 <HTML><HEAD></HEAD><BODY><P>You need to permit UDP 500 on your ASA''s outside interface, if I correctly understand your network diagram. </P></BODY></HTML> Thu, 16 Jun 2011 19:36:10 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661832#M560508 fgasimzade 2011-06-16T19:36:10Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661833#M560509 <HTML><HEAD></HEAD><BODY><P>Yes, correct but can someone tell me what is a use of this commands in details and when i turned on this commands then I need to make a access list on outside interface of firewall to allow the traffic from our router IP Address IP to any traffic then the communication works where I am confused, why?</P></BODY></HTML> Thu, 16 Jun 2011 19:36:22 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661833#M560509 ray_stone 2011-06-16T19:36:22Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661834#M560510 <HTML><HEAD></HEAD><BODY><P>Why, even the route is placed on firewall and if we use the router instead of firewall then do we still need to make a access list to allow the UPD traffic, if not then what is a diference here between router and firewall conf?</P></BODY></HTML> Thu, 16 Jun 2011 19:38:01 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661834#M560510 ray_stone 2011-06-16T19:38:01Z https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661835#M560511 <HTML><HEAD></HEAD><BODY><P>No, there is no need for access-list if you use only router. </P><P></P><P>On ASA, you need to permit traffic, if it comes to outside interface. ASA is not a router, it is a firewall with routing capabilities</P></BODY></HTML> Thu, 16 Jun 2011 19:41:16 GMT https://community.cisco.com/t5/network-security/please-respond-immediately/m-p/1661835#M560511 fgasimzade 2011-06-16T19:41:16Z