https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067672#M894335 <HTML><HEAD></HEAD><BODY><P>Check the IP addressing for the local LAN and the remote PC.</P></BODY></HTML> Wed, 29 Oct 2008 17:54:14 GMT andrew.prince 2008-10-29T17:54:14Z https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067671#M894333 <P>We're upgrading our network. As a part of the process we're replacing our 1750 Routers with a ASA 5505 with the latest software version 8.0.4.</P><P>As far as ACLs, NAT'ing and routing goes so the config is the same on the new box.</P><P></P><P>The problem is with a remote PC we have on the other end of a point to point SHDSL connection. The connection is VLAN, layer2 based and there are no routers in between, just a modem at each end.</P><P></P><P>what happens is that traffic is dropped on the inside interface of the ASA box from the remote PC. Traffic from the ASA to the remote PC (ping for example) is fine, also the remote PC can ping other IP addresses at the other end of the DSL line but not the inside IP of the ASA.</P><P>It makes no difference if the link from the remote site is connected directly to an ASA port or via another switch.</P><P></P><P>We've discovered that if we clear the ARP cache of the remote PC we get 1 ping reply before traffic is dropped.</P><P>Pinging the remote site from the ASA works though we experience a certain amount of lost packets.</P><P></P><P>There's something about the ASA and this type of link that's causing this but we don't know what. Our best guess is that it's some kind of security feature ??</P><P></P><P>Put in a PC with the same inside IP, mac address as the ASA, cable etc. and traffic flows both ways without a problem which is why we think it's down to the ASA.</P><P></P><P>same-security-traffic permit inter-interface</P><P>and</P><P>same-security-traffic permit intra-interface</P><P>is already enabled.</P><P></P><P>Any suggestions ? We're stuck.</P><P></P><P>Thank you.</P><P></P><P>Uli</P> Mon, 11 Mar 2019 14:04:51 GMT https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067671#M894333 Iske 2019-03-11T14:04:51Z https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067672#M894335 <HTML><HEAD></HEAD><BODY><P>Check the IP addressing for the local LAN and the remote PC.</P></BODY></HTML> Wed, 29 Oct 2008 17:54:14 GMT https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067672#M894335 andrew.prince 2008-10-29T17:54:14Z https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067673#M894336 <HTML><HEAD></HEAD><BODY><P>Looks like we got it, the provider uses a different vlan tag for the shdsl connection but</P><P>uses the same ip network 192.168.x.x. So we</P><P>have vlan 1 on the inside Network and vlan 101 over the shdsl connection. We're now trying the</P><P>Security Plus License and define a trunk on the</P><P>inside Interface with vlan 1 and 101. Hope</P><P>this will work.</P></BODY></HTML> Sat, 08 Nov 2008 18:06:42 GMT https://community.cisco.com/t5/network-security/remote-connection-on-inside-interface-asa5505/m-p/1067673#M894336 Iske 2008-11-08T18:06:42Z