10-13-2012 11:10 AM - edited 03-11-2019 05:08 PM
How do I allow traffic between two internal subnets behind a router on an ASA?
I have: Internet---ASA(192.168.1.1)---Router(192.168.1.2)--RouterSubnets(192.168.10.0/24)and(10.1.1.0/24)
I can't get to the Router Subnet from the ASA and vice-versa. I also need the router subnet traffic to access the Internet. I've set the static routes on the ASA and can ping 192.168.1.1 and an endpoint at 192.168.10.225. However, I can't, say, use Terminal Services from an endpoint on the ASA at 192.168.1.80 to the router subnet endpoint at 192.168.10.225.
I get the following error:
192.168.1.80 59517 192.168.10.225 3389 Deny tcp src inside:192.168.1.80/59517 dst inside:192.168.10.225/3389 by access-group "inside_access_in" [0x0, 0x0]
The same follows for the 10.1.1.0 network in all cases.
So basically I want all traffic to flow freely from any router network to the ASA and vice-versa. And allow any router network traffic destined for the Internet to flow freely to the ASA and then out to the Internet. Maybe once the first problem is solved the other one will be too.
10-13-2012 11:22 AM
Hi,
Post the config from the ASA and the routing table of the router and explain where this .80 host is located.
Regards.
Alain
Don't forget to rate helpful posts.
10-13-2012 11:29 AM
The 192.168.1.80 is just an inside endpoint on the ASA.
I can ping both ways so it seems like the traffic is being blocked from the log.
ASA Routes:
192.168.10.0>192.168.1.2(Router)
10.1.1.0>192.168.1.2(Router)
0 0>cloud
Router Routes:
0 0>192.168.1.1(ASA)
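
As an added example (not part of any post in this thread, and not Cisco code): a Python parser for the deny line quoted in the question. It extracts the interfaces, endpoints and ACL name, and flags denies whose source and destination interface are the same, as in the logged inside-to-inside drop. Every line in SAMPLE except the first is constructed.

```python
import re
from collections import Counter

# ASA access-group deny message (syslog ID 106023). The log viewer line quoted
# in the question has no %ASA-4-106023 prefix, so the prefix is not required.
DENY_RE = re.compile(
    r'Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))?(?:\s?\([^)]*\))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?(?:\s?\([^)]*\))? '
    r'by access-group "(?P<acl>[^"]+)"'
)

def parse_deny(line):
    """Return a dict for an access-group deny line, or None if it is not one."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port"):
        rec[key] = int(rec[key]) if rec[key] else None  # ICMP has no ports
    # Same ingress and egress interface: the packet would leave the way it came in.
    rec["same_interface"] = rec["src_if"] == rec["dst_if"]
    return rec

def hairpin_denies(lines):
    """Denied flows that enter and would leave on the same interface."""
    return [r for r in map(parse_deny, lines) if r and r["same_interface"]]

def summarize(lines):
    """Count denies per (acl, src_if, dst_if)."""
    recs = filter(None, map(parse_deny, lines))
    return Counter((r["acl"], r["src_if"], r["dst_if"]) for r in recs)

SAMPLE = [
    # Line from the question:
    '192.168.1.80 59517 192.168.10.225 3389 Deny tcp src inside:192.168.1.80/59517 '
    'dst inside:192.168.10.225/3389 by access-group "inside_access_in" [0x0, 0x0]',
    # Constructed lines below:
    'Deny tcp src inside:192.168.1.80/59530 dst inside:10.1.1.50/3389 '
    'by access-group "inside_access_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny icmp src inside:10.1.1.20 dst outside:203.0.113.9 '
    '(type 8, code 0) by access-group "inside_access_in" [0x0, 0x0]',
    '%ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.9/443',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
    for r in hairpin_denies(SAMPLE):
        print("same-interface deny:", r["src_ip"], "->", r["dst_ip"], r["dst_port"])
```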