Dual public Interface with single default route

dthomaz77
Level 4

I have 4 interfaces on my ASA running 9.2.

Interface inside
10.1.1.1/24

Interface outside
description ISP
1.1.1.1/24

interface outsidedev
description public dev environment
1.1.2.1/24

interface dmz
10.1.2.1/24

The ISP provider will advertise 1.1.2.0/24 via 1.1.1.1

My question is how do I route between the outside and outsidedev interfaces without applying firewall services and translations?

I want to only route between them.

Thanks

 

Accepted Solutions

Marvin Rhoads
Hall of Fame

Just assign them the same security level and make sure you have a permit for traffic same-security.

The public dev hosts should have the ASA public dev address as their default gateway. Traffic will enter there and exit towards the default route.

Incoming traffic from upstream will hit the ASA outside address per your ISP's routing and then know to exit the public dev interface as it is in the ASA's routing table as a connected route. 

If you have an ACL on the outside interface, you would need to add a permit for inbound traffic destined for the public dev subnet. 
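The answer above written out as ASA configuration. This is an added example, not part of the original post. The physical interface names, the ACL name `outside_in`, the permitted ports, the dev host 1.1.2.10, the test source 203.0.113.10 and the `<ISP_NEXT_HOP>` placeholder are assumptions; the addresses and nameifs come from the question.

```cisco
! Both public-facing interfaces get the same security level
! (0 is assumed here, the usual value for an outside interface).
interface GigabitEthernet0/0
 description ISP
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 description public dev environment
 nameif outsidedev
 security-level 0
 ip address 1.1.2.1 255.255.255.0
!
! Without this command the ASA drops traffic between interfaces
! that share a security level.
same-security-traffic permit inter-interface
!
! Single default route; 1.1.2.0/24 needs no static route because
! it is a connected network on outsidedev.
route outside 0.0.0.0 0.0.0.0 <ISP_NEXT_HOP>
!
! Only needed if an ACL is already applied inbound on outside.
! Scoped to assumed services rather than "permit ip any".
access-list outside_in extended permit tcp any 1.1.2.0 255.255.255.0 eq 443
access-list outside_in extended permit tcp any 1.1.2.0 255.255.255.0 eq 80
access-group outside_in in interface outside
!
! No nat statement is configured for 1.1.2.0/24: on 9.2 a flow that
! matches no NAT rule is forwarded untranslated. Check that no
! existing "nat (any,outside)" style rule catches the dev subnet.
!
! Verification from the CLI (constructed test flow):
!   show running-config same-security-traffic
!   show route
!   packet-tracer input outside tcp 203.0.113.10 12345 1.1.2.10 443
! Keep dev-to-inside and dev-to-dmz closed: outsidedev is now a
! level 0 interface, so it reaches the higher-level inside and dmz
! networks only where an ACL explicitly permits it.
```

The `packet-tracer` output lists each phase (route lookup, ACL, NAT) so you can confirm the flow exits outsidedev without a translation being applied.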
