ASA 5500: Traffic redirection to a host on the same subnet

Hi all,

I have an ASA 5515 and this is my network layout:

Diagram.jpg

If I try to say that external networks are reachable through 1.250, clients on the 1.0 network are able to communicate with other networks. The 1.250 is a Linux box with a static route to 1.1 for external networks.

If I tell the ASA that those networks are reachable through 1.1, the host can ping external hosts, but any connection (RDP, VNC, etc.) is interrupted.

In the ASA I set:

same-security-traffic permit intra-interface

Both the 1.1 and 1.250 are on the same network segment.

Here are the logs during a VNC connection:

  • Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
  • Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
  • Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST  on interface Internal
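Added example (not part of the original post or of any Cisco tool): a small triage script that parses the three ASA connection syslogs quoted above and flags the pattern they show, a TCP connection built and torn down at 0 bytes with a "TCP Reset" reason, followed by an RST that the ASA denies because it no longer has a connection for that flow. The regexes follow the message bodies exactly as posted (ASA 302013 Built, 302014 Teardown, 106015 Deny); the "%ASA-6-..." prefixes and the two extra lines for a healthy connection to 203.0.113.10 are constructed here for contrast and are an assumption, not from the post. It also marks whether the flow enters and leaves on the same interface, which is the situation in the post.

```python
"""Triage helper for ASA connection syslogs (constructed example, not Cisco code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines 1-3 are the bodies quoted in the post (with the
# standard %ASA-6-<id> prefix added); lines 4-5 are an invented, healthy
# connection so the script has something it must NOT flag.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
%ASA-6-302014: Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-106015: Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST  on interface Internal
%ASA-6-302013: Built outbound TCP connection 24860490 for Internal:192.168.1.34/52930 (192.168.1.34/52930) to Outside:203.0.113.10/443 (203.0.113.10/443)
%ASA-6-302014: Teardown TCP connection 24860490 for Internal:192.168.1.34/52930 to Outside:203.0.113.10/443 duration 0:02:11 bytes 48211 TCP FINs
"""

# Message bodies in the shape the post shows them; search() tolerates any prefix.
BUILT_RE = re.compile(
    r"Built (?:inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) \([^)]*\) to "
    r"(?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for "
    r"(?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$"
)
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?)\s+on interface (?P<iface>\S+)"
)


@dataclass
class Conn:
    conn_id: str
    src: str
    sport: int
    dst: str
    dport: int
    src_if: str
    dst_if: str
    duration_s: Optional[int] = None
    bytes: Optional[int] = None
    reason: Optional[str] = None

    @property
    def tuple4(self):
        return (self.src, self.sport, self.dst, self.dport)


def duration_seconds(text):
    """'H:MM:SS' as logged by the ASA -> integer seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s


def parse(log_text):
    """Correlate Built/Teardown by connection ID; collect RST 'no connection' denies."""
    conns, rst_denies = {}, []
    for line in log_text.splitlines():
        if (m := BUILT_RE.search(line)):
            conns[m["id"]] = Conn(m["id"], m["src"], int(m["sport"]), m["dst"],
                                  int(m["dport"]), m["sif"], m["dif"])
        elif (m := TEARDOWN_RE.search(line)):
            c = conns.get(m["id"])
            if c is None:  # teardown whose build scrolled out of the buffer
                c = conns[m["id"]] = Conn(m["id"], m["src"], int(m["sport"]), m["dst"],
                                          int(m["dport"]), m["sif"], m["dif"])
            c.duration_s = duration_seconds(m["dur"])
            c.bytes = int(m["bytes"])
            c.reason = m["reason"].strip()
        elif (m := DENY_RE.search(line)) and "RST" in m["flags"].split():
            rst_denies.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return conns, rst_denies


def find_reset_stubs(log_text, max_duration_s=1):
    """Flag connections that carried no data and died by TCP reset within
    max_duration_s, and note whether an orphan RST for the same 4-tuple was
    later denied (the sequence shown in the post)."""
    conns, rst_denies = parse(log_text)
    findings = []
    for c in conns.values():
        if c.reason is None or not c.reason.startswith("TCP Reset"):
            continue
        if c.bytes != 0 or c.duration_s > max_duration_s:
            continue
        findings.append({
            "conn_id": c.conn_id,
            "flow": f"{c.src}:{c.sport} -> {c.dst}:{c.dport}",
            "reason": c.reason,
            "hairpin": c.src_if == c.dst_if,      # same interface in and out
            "orphan_rst_seen": c.tuple4 in rst_denies,
        })
    return findings


if __name__ == "__main__":
    for f in find_reset_stubs(SAMPLE_LOG):
        print(f)
```

Feed it the output of `show logging` (or a syslog export) instead of SAMPLE_LOG; a cluster of findings with `hairpin` true and `orphan_rst_seen` true for flows that ping fine is the thing to bring to the packet-tracer and configuration review the reply below asks for.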

Julio Carvajal
VIP Alumni

Hello Salvatore,

What version are you running?

Please paste the configuration of your ASA and the following output:

packet-tracer input inside tcp host 192.168.1.34 1025 192.168.89.10 3389

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC