08-07-2017 04:09 PM - edited 03-12-2019 02:47 AM
I have 4 interfaces on my ASA running 9.2.
Interface inside
10.1.1.1/24
Interface outside
description ISP
1.1.1.1/24
interface outsidedev
description public dev environment
1.1.2.1/24
interface dmz
10.1.2.1/24
The ISP provider will advertise 1.1.2.0/24 via 1.1.1.1.
My question is how do I route between the outside and outsidedev interfaces without applying firewall services and translations?
I want to only route between them.
Thanks
08-08-2017 06:56 AM
Just assign them the same security level and make sure you have a permit for traffic same-security.
The public dev hosts should have the ASA public dev address as their default gateway. Traffic will enter there and exit towards the default route.
Incoming traffic from upstream will hit the ASA outside address per your ISP's routing and then know to exit the public dev interface as it is in the ASA's routing table as a connected route.
If you have an ACL on the outside interface, you would need to add a permit for inbound traffic destined for the public dev subnet.
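The configuration described in the answer above, written out as an added example that is not part of the original thread. The interface addresses and descriptions come from the question; the physical port names, the security-level value 0 and the ACL name OUTSIDE_IN are assumptions.

```cisco
! Added example; not from the original thread.
! Assumed: physical port names, security-level 0, ACL name OUTSIDE_IN.
interface GigabitEthernet0/0
 description ISP
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 description public dev environment
 nameif outsidedev
 security-level 0
 ip address 1.1.2.1 255.255.255.0
!
! Allow traffic between interfaces that share a security level.
same-security-traffic permit inter-interface
!
! Only needed if an ACL is already applied inbound on outside:
! permit traffic destined for the public dev subnet.
! Narrow "ip any" to the required protocols and ports where possible.
access-list OUTSIDE_IN extended permit ip any 1.1.2.0 255.255.255.0
access-group OUTSIDE_IN in interface outside
```

On the ASA, `packet-tracer input outside tcp <source-ip> <source-port> <dev-host-ip> <dest-port>` walks a simulated packet through the route lookup, ACL and NAT phases, which confirms both that the flow is permitted and that no translation rule rewrites the 1.1.2.0/24 addresses.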