cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
704
Views
0
Helpful
1
Replies

ASA 5500: Traffic redirection to a host on the same subnet

Hi all,

I have an ASA 5515 and this is my network layout:

Diagram.jpg

If I try to say that external networks are reachable through the 1.250, clients of the 1.0 are able to communicate with other networks. The 1.250 is a linux-box with a static route to the 1.1 for external networks.

If I tell the ASA that those networks are reachable through 1.1, the host can ping external hosts but any connection (rdp, vnc, etc.) is interrupted.

In the ASA I set:

same-security-traffic permit intra-interface

Both the 1.1 and 1.250 are on the same network segment.

Here are the log during a VNC connection:

  • Built inbound TCP connection 24860481 for Internal:192.168.1.34/52922 (192.168.1.34/52922) to Internal:192.168.89.10/5900 (192.168.89.10/5900)
  • Teardown TCP connection 24860481 for Internal:192.168.1.34/52922 to Internal:192.168.89.10/5900 duration 0:00:00 bytes 0 TCP Reset-O
  • Deny TCP (no connection) from 192.168.1.34/52922 to 192.168.89.10/5900 flags RST  on interface Internal
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Salvatore,

What version are you running,

Please paste the configuration of your ASA and the following output

packet-tracer input inside tcp host 192.168.1.34 1025 192.168.89.10 3389

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card