Traffic between two internal interface ASA

I have ASA 5512 configured like below:

g0/0 : outside ---> security 0, connects to the internet via GW router, private IP /30, no NAT (NAT occurs on the GW router)

g0/1 : inside1 ---> security 100, connect directly to LAN 10.x.x.x

g0/2 : inside2 ---> security 100, connects to another router, let's call it router-X, using a /30 private IP, and behind that router is another LAN in segment 192.168.x.x

I configured via ASDM and have enabled the option "Enable traffic between two or more interfaces which are configured with the same security level"

 

Routing in ASA:

outside, 0.0.0.0 0.0.0.0 (GW router IP)

inside2, 192.168.0.0 255.255.0.0 (router-X IP)

 

Everything works as it should: I can go from either inside1 or inside2 to the internet, and I can also access between segments 10.x.x.x <-> 192.168.x.x under normal conditions.

 

But there is this one incident where the internet connection is down (on the provider side) so I cannot access the internet, but at the same time I also cannot access the other inside interface (I cannot access 192.168.x.x from 10.x.x.x). This is so weird to me; the inter-segment connection should still be working even without the internet, shouldn't it?

And as soon as the internet connection is up and active again, the inter-segment connection also comes up again.

 

What did I do wrong?

Please help me, this is an existing and active production network in my office so I can't just do trial-and-error here.

Any help will be highly appreciated... thanks!

2 REPLIES
Beginner

Hi randms2610,

That is weird!

Beginner

Hello Murali,

There's nothing fancy in router X routing, only a static route:

- ip route 0.0.0.0 0.0.0.0 (ASA g0/2 IP)

 

This problem has occurred again today, and this time all the hosts are showing a destination host unreachable message from their own IP.