04-27-2007 01:59 AM - edited 03-11-2019 03:05 AM
I've deployed ASA firewalls for different purposes. One is for Internet access and the other is for site-to-site VPN connections. All the internal users' default gateway points to the Internet one, and this one contains the specific static route back to the VPN one. The command "same-security-traffic permit intra" is already in place, but the ASA still cannot redirect the traffic to the VPN one for remote site connections. Both ASAs are running 7.2(2).
Please advise.
Tony
04-27-2007 03:24 AM
Be very specific in your static route statements: for every VPN remote site, you will have to have two static route statements, one to reach the peer's outside network (or IP) and another to reach the internal network of the peer's network...
Have you tried (for troubleshooting purposes) pointing your clients to your Site2Site Firewall and verifying that it works fine?
Please rate if this helps.
04-27-2007 05:12 PM
I'm sure that the VPN one is working properly, because I've set up my laptop pointing to the VPN one as its default gateway and it can access all the remote sites.
Tony
04-27-2007 06:35 PM
Just follow what I said earlier about having two "route inside" statements on your internal firewall, one going to the outside address of your peer and another going to the internal subnet of your peer... This should solve your issue...
04-30-2007 12:06 AM
My problem is that the ASA firewall cannot redirect the traffic to the VPN one. If I put in a layer-3 switch or router, the problem is solved. I just want to know the purpose of the "same-security-traffic" command; even with the command in place, the application cannot redirect.
Tony