Hi all,
I have an ASA 5515 and this is my network layout:
If I try to say that external networks are reachable through the 1.250, clients on the 1.0 network are able to communicate with other networks. The 1.250 is a Linux box with a static route to the 1.1 for external networks.
If I tell the ASA that those networks are reachable through 1.1, the host can ping external hosts, but any connection (RDP, VNC, etc.) is interrupted.
In the ASA I set:
same-security-traffic permit intra-interface
Both the 1.1 and 1.250 are on the same network segment.
Here are the logs during a VNC connection:
- Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
- Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
- Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST on interface Internal
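The three messages above (Built, then Teardown with duration 0:00:00 / bytes 0 / TCP Reset-O, then Deny TCP (no connection) with flags RST) are the pattern an ASA logs when it only sees one direction of a TCP conversation, for example when the return path bypasses it or hairpins through the same interface. The following is an added triage script, not from the original post, that correlates ASA syslog lines by connection ID and reports flows matching that pattern; the sample log is constructed from the lines quoted above plus one made-up healthy flow to 203.0.113.5 for contrast.

```python
import re
from dataclasses import dataclass

# Constructed sample log: the three ASA messages quoted in the post, plus a made-up
# healthy flow to 203.0.113.5 for contrast.
SAMPLE_LOG = """\
Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST on interface Internal
Built inbound TCP connection 24860490 for Internal:192.168.1.34/52930 (192.168.1.34/52930) to Outside:203.0.113.5/443 (203.0.113.5/443)
Teardown TCP connection 24860490 for Internal:192.168.1.34/52930 to Outside:203.0.113.5/443 duration 0:02:13 bytes 48211 TCP FINs
"""

BUILT = re.compile(r"Built \w+ TCP connection (\d+) for ([\w-]+):(\S+) \S+ to ([\w-]+):(\S+)")
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) for \S+ to \S+ duration \S+ bytes (\d+) (.+)$")
DENY = re.compile(r"Deny TCP \(no connection\) from (\S+) to (\S+) flags (.+?) on interface")

@dataclass
class Flow:
    conn_id: str
    in_iface: str
    src: str
    out_iface: str
    dst: str
    reason: str = ""
    nbytes: int = -1
    stray_rst: bool = False  # a RST for this src/dst pair arrived with no matching connection

    def hairpin(self):  # entered and left on the same ASA interface
        return self.in_iface == self.out_iface

def find_broken_flows(log_text):
    """Return flows that were built, then torn down with zero bytes by a TCP reset.
    Together with a following 'Deny TCP (no connection) ... flags RST' this is the
    signature of the ASA seeing only one direction of a conversation."""
    flows = {}
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            cid, in_if, src, out_if, dst = m.groups()
            flows[cid] = Flow(cid, in_if, src, out_if, dst)
        elif m := TEARDOWN.search(line):
            cid, nbytes, reason = m.group(1), int(m.group(2)), m.group(3)
            if cid in flows:
                flows[cid].nbytes, flows[cid].reason = nbytes, reason
        elif m := DENY.search(line):
            src, dst, flags = m.group(1), m.group(2), m.group(3)
            for f in flows.values():
                if (f.src, f.dst) == (src, dst) and "RST" in flags:
                    f.stray_rst = True
    return [f for f in flows.values() if f.nbytes == 0 and f.reason.startswith("TCP Reset-")]
```

Feed it the output of `show logging` (or a syslog export) and check `hairpin()` and `stray_rst` on each reported flow: a hairpinned flow with a stray RST points at the return path not passing back through the same ASA connection.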