04-06-2010 12:06 PM - edited 03-11-2019 10:29 AM
If you set same traffic intra-interface and run a routing protocol, can the ASA re-route traffic, or is that something it does not do under any circumstances?
04-06-2010 12:33 PM
Hi,
For example, on 8.2 you can run either RIP, OSPF or EIGRP on the ASA, and with the same traffic permit intra-interface, the ASA can reroute traffic back out the same interface on which it received it.
Keep in mind that the routing functionality has its limitations on the ASA, but what you're asking can be done.
Federico.
04-06-2010 12:37 PM
whanson wrote:
If you set same traffic intra-interface and run a routing protocol, can the ASA re-route traffic, or is that something it does not do under any circumstances?
Yes, it can be done, and in a very small network with maybe a couple of VLANs it can be used as such.
But the ASA is primarily a firewall and as such lacks a lot of the features of a router, such as a full QoS set, PBR (Policy Based Routing) etc. Personally I don't recommend using an ASA as a router, as it is not designed to do this and it can make the configuration quite messy.
Jon
04-06-2010 12:45 PM
Thanks to both answers. I know, but here's the scoop. Customer has a main ASA for most folks but bought a cable service and an ASA 5505 for a few others. I could have done what he wanted for certain users by adding policy routing to his core switch but was reluctant to do that because no one ever remembers the whys and wherefores, so I told him to change the default route of those users to the cable ASA and then I would run RIP v2 (what he runs today) to redirect folks back to where they need to go, otherwise send them on their merry way out the cable internet connection. This new system baffles me somewhat, so I assume hitting correct answer scores points? Let me know if that's how it's done. Thx again.
04-06-2010 01:23 PM
Let me ask you a question, because internal routing doesn't seem to work. If I have a NAT so that traffic to the outside is NATted, do I need a nat (inside) 0 so that all internal to internal is not NATted?
thx again
04-06-2010 01:27 PM
To NAT traffic from inside to outside you need:
nat (inside) 1 0 0
global (outside) 1 interface
To bypass NAT, you use:
nat (inside) 0 x.x.x.x --> Traffic that you want to exempt from NAT.
Federico.
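The pieces discussed in this thread, combined into one pre-8.3 (8.2-style) ASA configuration, as an added example that was not posted by any participant. The 10.0.0.0/8 internal range, the host addresses in the check commands and the ACL name NONAT-INTERNAL are assumptions.

```cisco
! Constructed example for ASA 8.2 (pre-8.3 NAT syntax).
! Assumed: all internal networks fall inside 10.0.0.0/8 and sit behind
! the "inside" interface; NONAT-INTERNAL is a made-up ACL name.

! Let traffic leave through the same interface it arrived on (hairpin).
same-security-traffic permit intra-interface

! RIP v2 so the ASA learns the internal routes from the core.
router rip
 network 10.0.0.0
 version 2
 no auto-summary

! Internal-to-internal traffic is exempted from NAT. Without this, the
! hairpinned flow matches "nat (inside) 1" below, and there is no
! "global (inside) 1" to translate it to.
access-list NONAT-INTERNAL extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list NONAT-INTERNAL

! Everything else from inside is PATed to the outside interface address.
nat (inside) 1 0 0
global (outside) 1 interface

! Checks (exec mode, constructed host addresses):
!   show route
!   show running-config nat
!   packet-tracer input inside tcp 10.1.1.10 1025 10.2.2.20 80 detailed
```

The packet-tracer output shows which NAT rule the hairpinned flow matches and whether it is allowed or dropped.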
04-06-2010 12:48 PM
Although the Cisco ASA appliance does not act as a router in the network and has some limitations, Cisco ASA firewalls support both static and dynamic routing. For dynamic routing, the ASA supports RIPv2, OSPF and EIGRP. traffic permit intra-interface allows the ASA to route traffic back out the same interface on which it received it.
See this: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html