Solved: How can ASA route packets that come in and out on the same interface?

nitass · ‎03-24-2006

Hi all,

How can I configure the ASA5520 to route packets that come in and out on the same interface? I’ve more than 1 network behind the ASA appliance. It’s separated by internal router. They can’t communicate for each other.

I’ve seen this is problem by design of PIX. Does it also apply to the ASA platform?

Please advice.

Thanks,

Nitass

jackko · ‎03-24-2006

this golden rule remains unchange. the only exception is with vpn traffic. e.g asa (or pix v7) would act as a hub to rediect vpn traffic between two spokes.

regarding your issue.

internet <--> asa <--> lan 1 <--> router <--> lan 2

assuming host at lan 1 has asa as the default gateway, even asa has a static route point to the internal router for lan 2, the golden rule will reject this operation.

one workaround is to re-configure the dhcp scope of lan 1 and make the internal router as the default gateway; and the internal router has the asa as the default gateway.

View solution in original post

jackko · ‎03-24-2006