
ASA5505 Internal traffic between two subnets

ciscojoe837
Level 1

How do I allow traffic between two internal subnets behind a router on an ASA?

I have: Internet---ASA(192.168.1.1)---Router(192.168.1.2)--RouterSubnets(192.168.10.0/24)and(10.1.1.0/24)

I can't get to the Router Subnet from the ASA and vice-versa. I also need the router subnet traffic to access the Internet. I've set the static routes on the ASA and can ping 192.168.1.1 and an endpoint at 192.168.10.225. However, I can't, say, use Terminal Services from an endpoint on the ASA at 192.168.1.80 to the router subnet endpoint at 192.168.10.225.

I get the following error:

192.168.1.80       59517    192.168.10.225  3389       Deny tcp src inside:192.168.1.80/59517 dst inside:192.168.10.225/3389 by access-group "inside_access_in" [0x0, 0x0]

The same follows for the 10.1.1.0 network in all cases.

So basically I want all traffic to flow freely from any router network to the ASA and vice-versa. And allow any router network traffic destined for the Internet to flow freely to the ASA and then out to the Internet. Maybe once the first problem is solved the other one will too.
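
The deny message quoted in this post names inside as both the source and the destination interface, so the flow has to turn around on the ASA, and the inside_access_in ACL is what dropped it. The following is an added example, not part of the original post, that parses such lines and flags the ones matching that pattern; the /24 subnets come from the post, and the second and third sample lines are constructed.

```python
import ipaddress
import re

# Deny message layout as it appears in the line quoted in the post.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Subnets behind the router at 192.168.1.2, taken from the post.
ROUTED_SUBNETS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.1.1.0/24")]

def classify_deny(line, routed=ROUTED_SUBNETS):
    """Parse one ACL deny line; return None when the line is not a deny."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    dst = ipaddress.ip_address(g["dst_ip"])
    return {
        "proto": g["proto"],
        "acl": g["acl"],
        "src": f'{g["src_if"]}:{g["src_ip"]}',
        "dst": f'{g["dst_if"]}:{g["dst_ip"]}/{g["dst_port"]}',
        # Same ingress and egress interface: the flow must turn around on the ASA.
        "same_interface": g["src_if"] == g["dst_if"],
        "dst_behind_router": any(dst in net for net in routed),
    }

def hairpin_denies(lines):
    """Denies for flows that enter and leave one interface toward a routed subnet."""
    parsed = (classify_deny(line) for line in lines)
    return [p for p in parsed if p and p["same_interface"] and p["dst_behind_router"]]

SAMPLE_LOG = [
    # Quoted in the post:
    'Deny tcp src inside:192.168.1.80/59517 dst inside:192.168.10.225/3389 '
    'by access-group "inside_access_in" [0x0, 0x0]',
    # Constructed for contrast: a deny toward another interface, and a non-deny line.
    'Deny tcp src inside:192.168.1.80/59600 dst outside:203.0.113.10/25 '
    'by access-group "inside_access_in" [0x0, 0x0]',
    'Built outbound TCP connection (constructed sample line)',
]

if __name__ == "__main__":
    for hit in hairpin_denies(SAMPLE_LOG):
        print(f'{hit["proto"]} {hit["src"]} -> {hit["dst"]} denied by {hit["acl"]}')
```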

2 Replies

cadet alain
VIP Alumni

Hi,

Post the config from the ASA and the routing table of the router and explain where this .80 host is located.

Regards.

Alain

Don't forget to rate helpful posts.


ciscojoe837
Level 1

The 192.168.1.80 is just an inside endpoint on the ASA. 

I can ping both ways so it seems like the traffic is being blocked from the log.

ASA Routes:

192.168.10.0>192.168.1.2(Router)

10.1.1.0>192.168.1.2(Router)

0 0>cloud

Router Routes:

0 0>192.168.1.1(ASA)
