10-30-2014 08:03 AM - edited 03-11-2019 10:00 PM
hi out there
I have an ASA as def gw in a DMZ and need to let it act as a router - redirecting back out of the same interface to another gw (which is also an ASA)
I had expected it to send an ICMP redirect but as far as I can see it doesn't - can this be?
I have defined "enabled traffic between two or more interfaces with same sec level" and "enabled traffic between two or more hosts connected to the same interface" which must be the case here.
def gw (ASA1) = 192.168.1.1
second gw (ASA2) = 192.168.1.254
When I trace on a client on 192.168.1.22 which is going to a network behind ASA2 I don't see an ICMP redirect - which gives me the problem that f.ex. ping works fine but the TCP session I need to establish is not established.
I would really prefer to avoid a router in front - and also I don't want to disable the TCP state handling through MPF - any suggestions?
best regards /ti
10-30-2014 07:47 PM
Hi,
ICMP redirect would not be sent by the ASA device.
For U-turn of the traffic from your default GW ASA 1, you might have to disable the TCP state check to get this traffic working in the current setup.
Please check this for more information:-
https://supportforums.cisco.com/document/69261/hairpinu-turn-traffic-interface-asa-running-83-or-later
Thanks and Regards,
Vibhor Amrodia
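An added configuration sketch for the setup discussed in this thread (not part of the original posts and not taken from the linked document): hairpin routing on ASA1 with TCP state bypass limited to the one flow that needs it. The interface name `dmz`, the remote network 10.20.0.0/24 behind ASA2, and the object names are assumptions; the gateway and client addresses are the ones given in the question.

```text
! Constructed example for ASA1 (192.168.1.1), ASA 8.3 or later.
! Assumed: interface nameif "dmz", remote network 10.20.0.0/24 behind ASA2.

! Allow traffic to enter and leave the same interface (hairpin / U-turn).
same-security-traffic permit intra-interface

! Send the remote network back out of the dmz interface towards ASA2.
route dmz 10.20.0.0 255.255.255.0 192.168.1.254

! Why TCP fails while ping works: the client's SYN passes through ASA1,
! but ASA2 answers the client directly on the shared subnet, so ASA1
! never sees the SYN-ACK and drops the client's following ACK.

! Match only the DMZ-to-remote-network TCP flow, not "any any".
access-list HAIRPIN_BYPASS extended permit tcp 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0

class-map HAIRPIN_BYPASS
 match access-list HAIRPIN_BYPASS

policy-map HAIRPIN_POLICY
 class HAIRPIN_BYPASS
  ! Disables TCP state tracking for matched flows only.
  set connection advanced-options tcp-state-bypass

! Apply on the dmz interface only, not globally.
service-policy HAIRPIN_POLICY interface dmz
```

Flows matched by the class skip TCP state checks on ASA1, so the access-list should stay as narrow as the application allows. A static route for the remote network on the DMZ hosts themselves, pointing at 192.168.1.254, keeps both directions on ASA2 and needs no bypass.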
10-30-2014 11:52 PM
hi again
yes you are right - I couldn't understand why it didn't send a redirect - but of course - it is not a router but a firewall - I thought it was a way to let it send a redirect to avoid this tcp bypass policy but doesn't look so.
best regards /ti