03-24-2006 08:29 AM - edited 02-21-2020 12:47 AM
Hi all,
How can I configure the ASA5520 to route packets that come in and out on the same interface? I've more than 1 network behind the ASA appliance. It's separated by an internal router. They can't communicate with each other.
I've seen this is a problem by design of PIX. Does it also apply to the ASA platform?
Please advise.
Thanks,
Nitass
03-24-2006 05:44 PM
this golden rule remains unchanged. the only exception is with vpn traffic, e.g. asa (or pix v7) would act as a hub to redirect vpn traffic between two spokes.
regarding your issue.
internet <--> asa <--> lan 1 <--> router <--> lan 2
assuming the host at lan 1 has the asa as the default gateway, even if the asa has a static route pointing to the internal router for lan 2, the golden rule will reject this operation.
one workaround is to re-configure the dhcp scope of lan 1 and make the internal router the default gateway; and the internal router has the asa as the default gateway.
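The workaround described in the answer above, sketched as configuration; this is an added example, not part of the original thread. All addresses, the pool name `LAN1`, the interface name `inside`, and the assumption that the internal router is a Cisco IOS device that also serves DHCP for lan 1 are constructed for illustration.

```cisco
! --- Internal router (Cisco IOS assumed); addresses are constructed ---
! lan 1 = 192.168.1.0/24, lan 2 = 192.168.2.0/24
! ASA inside interface = 192.168.1.1, router's lan 1 interface = 192.168.1.2
!
! Hand out the router, not the ASA, as the default gateway for lan 1 hosts
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAN1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.2
!
! The router forwards everything it does not know to the ASA
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! --- ASA ---
! Static route so return traffic for lan 2 goes to the internal router
route inside 192.168.2.0 255.255.255.0 192.168.1.2 1
```

With this layout, traffic between lan 1 and lan 2 is routed by the internal router and never reaches the ASA, so any filtering between the two LANs has to be applied on the router.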
03-25-2006 02:52 AM
Ok, I see. Thanks for your help.
Have a nice day,
Nitass